Grid Community Toolkit  6.2.1629922860 (tag: v6.2.20210826)
 All Data Structures Files Functions Variables Typedefs Enumerations Enumerator Macros Groups Pages
kex.h
1 /* $OpenBSD: kex.h,v 1.114 2021/01/31 22:55:29 djm Exp $ */
2 
3 /*
4  * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved.
5  *
6  * Redistribution and use in source and binary forms, with or without
7  * modification, are permitted provided that the following conditions
8  * are met:
9  * 1. Redistributions of source code must retain the above copyright
10  * notice, this list of conditions and the following disclaimer.
11  * 2. Redistributions in binary form must reproduce the above copyright
12  * notice, this list of conditions and the following disclaimer in the
13  * documentation and/or other materials provided with the distribution.
14  *
15  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
16  * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
17  * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
18  * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
19  * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
20  * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
21  * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
22  * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
23  * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
24  * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
25  */
26 #ifndef KEX_H
27 #define KEX_H
28 
29 #include "mac.h"
30 #include "crypto_api.h"
31 
32 #ifdef WITH_OPENSSL
33 # include <openssl/bn.h>
34 # include <openssl/dh.h>
35 # include <openssl/ecdsa.h>
36 # ifdef OPENSSL_HAS_ECC
37 # include <openssl/ec.h>
38 # else /* OPENSSL_HAS_ECC */
39 # define EC_KEY void
40 # define EC_GROUP void
41 # define EC_POINT void
42 # endif /* OPENSSL_HAS_ECC */
43 #else /* WITH_OPENSSL */
44 # define DH void
45 # define BIGNUM void
46 # define EC_KEY void
47 # define EC_GROUP void
48 # define EC_POINT void
49 #endif /* WITH_OPENSSL */
50 
51 #define KEX_COOKIE_LEN 16
52 
53 #define KEX_DH1 "diffie-hellman-group1-sha1"
54 #define KEX_DH14_SHA1 "diffie-hellman-group14-sha1"
55 #define KEX_DH14_SHA256 "diffie-hellman-group14-sha256"
56 #define KEX_DH16_SHA512 "diffie-hellman-group16-sha512"
57 #define KEX_DH18_SHA512 "diffie-hellman-group18-sha512"
58 #define KEX_DHGEX_SHA1 "diffie-hellman-group-exchange-sha1"
59 #define KEX_DHGEX_SHA256 "diffie-hellman-group-exchange-sha256"
60 #define KEX_ECDH_SHA2_NISTP256 "ecdh-sha2-nistp256"
61 #define KEX_ECDH_SHA2_NISTP384 "ecdh-sha2-nistp384"
62 #define KEX_ECDH_SHA2_NISTP521 "ecdh-sha2-nistp521"
63 #define KEX_CURVE25519_SHA256 "curve25519-sha256"
64 #define KEX_CURVE25519_SHA256_OLD "curve25519-sha256@libssh.org"
65 #define KEX_SNTRUP761X25519_SHA512 "sntrup761x25519-sha512@openssh.com"
66 
67 #define COMP_NONE 0
68 /* pre-auth compression (COMP_ZLIB) is only supported in the client */
69 #define COMP_ZLIB 1
70 #define COMP_DELAYED 2
71 
72 #define CURVE25519_SIZE 32
73 
74 enum kex_init_proposals {
75  PROPOSAL_KEX_ALGS,
76  PROPOSAL_SERVER_HOST_KEY_ALGS,
77  PROPOSAL_ENC_ALGS_CTOS,
78  PROPOSAL_ENC_ALGS_STOC,
79  PROPOSAL_MAC_ALGS_CTOS,
80  PROPOSAL_MAC_ALGS_STOC,
81  PROPOSAL_COMP_ALGS_CTOS,
82  PROPOSAL_COMP_ALGS_STOC,
83  PROPOSAL_LANG_CTOS,
84  PROPOSAL_LANG_STOC,
85  PROPOSAL_MAX
86 };
87 
88 enum kex_modes {
89  MODE_IN,
90  MODE_OUT,
91  MODE_MAX
92 };
93 
94 enum kex_exchange {
95  KEX_DH_GRP1_SHA1,
96  KEX_DH_GRP14_SHA1,
97  KEX_DH_GRP14_SHA256,
98  KEX_DH_GRP16_SHA512,
99  KEX_DH_GRP18_SHA512,
100  KEX_DH_GEX_SHA1,
101  KEX_DH_GEX_SHA256,
102  KEX_ECDH_SHA2,
103  KEX_C25519_SHA256,
104  KEX_KEM_SNTRUP761X25519_SHA512,
105 #ifdef GSSAPI
106  KEX_GSS_GRP1_SHA1,
107  KEX_GSS_GRP14_SHA1,
108  KEX_GSS_GRP14_SHA256,
109  KEX_GSS_GRP16_SHA512,
110  KEX_GSS_GEX_SHA1,
111  KEX_GSS_NISTP256_SHA256,
112  KEX_GSS_C25519_SHA256,
113 #endif
114  KEX_MAX
115 };
116 
117 #define KEX_INIT_SENT 0x0001
118 #define KEX_INITIAL 0x0002
119 
120 struct sshenc {
121  char *name;
122  const struct sshcipher *cipher;
123  int enabled;
124  u_int key_len;
125  u_int iv_len;
126  u_int block_size;
127  u_char *key;
128  u_char *iv;
129 };
130 struct sshcomp {
131  u_int type;
132  int enabled;
133  char *name;
134 };
135 struct newkeys {
136  struct sshenc enc;
137  struct sshmac mac;
138  struct sshcomp comp;
139 };
140 
141 struct ssh;
142 
143 struct kex {
144  struct newkeys *newkeys[MODE_MAX];
145  u_int we_need;
146  u_int dh_need;
147  int server;
148  char *name;
149  char *hostkey_alg;
150  int hostkey_type;
151  int hostkey_nid;
152  u_int kex_type;
153  char *server_sig_algs;
154  int ext_info_c;
155  struct sshbuf *my;
156  struct sshbuf *peer;
157  struct sshbuf *client_version;
158  struct sshbuf *server_version;
159  struct sshbuf *session_id;
160  sig_atomic_t done;
161  u_int flags;
162  int hash_alg;
163  int ec_nid;
164 #ifdef GSSAPI
165  int gss_deleg_creds;
166  int gss_trust_dns;
167  char *gss_host;
168  char *gss_client;
169 #endif
170  char *failed_choice;
171  int (*verify_host_key)(struct sshkey *, struct ssh *);
172  struct sshkey *(*load_host_public_key)(int, int, struct ssh *);
173  struct sshkey *(*load_host_private_key)(int, int, struct ssh *);
174  int (*host_key_index)(struct sshkey *, int, struct ssh *);
175  int (*sign)(struct ssh *, struct sshkey *, struct sshkey *,
176  u_char **, size_t *, const u_char *, size_t, const char *);
177  int (*kex[KEX_MAX])(struct ssh *);
178  /* kex specific state */
179  DH *dh; /* DH */
180  u_int min, max, nbits; /* GEX */
181  EC_KEY *ec_client_key; /* ECDH */
182  const EC_GROUP *ec_group; /* ECDH */
183  u_char c25519_client_key[CURVE25519_SIZE]; /* 25519 + KEM */
184  u_char c25519_client_pubkey[CURVE25519_SIZE]; /* 25519 */
185  u_char sntrup761_client_key[crypto_kem_sntrup761_SECRETKEYBYTES]; /* KEM */
186  struct sshbuf *client_pub;
187 };
188 
189 int kex_names_valid(const char *);
190 char *kex_alg_list(char);
191 char *kex_gss_alg_list(char);
192 char *kex_names_cat(const char *, const char *);
193 int kex_assemble_names(char **, const char *, const char *);
194 int kex_gss_names_valid(const char *);
195 
196 int kex_exchange_identification(struct ssh *, int, const char *);
197 
198 struct kex *kex_new(void);
199 int kex_ready(struct ssh *, char *[PROPOSAL_MAX]);
200 int kex_setup(struct ssh *, char *[PROPOSAL_MAX]);
201 void kex_free_newkeys(struct newkeys *);
202 void kex_free(struct kex *);
203 
204 int kex_buf2prop(struct sshbuf *, int *, char ***);
205 int kex_prop2buf(struct sshbuf *, char *proposal[PROPOSAL_MAX]);
206 void kex_prop_free(char **);
207 int kex_load_hostkey(struct ssh *, struct sshkey **, struct sshkey **);
208 int kex_verify_host_key(struct ssh *, struct sshkey *);
209 
210 int kex_send_kexinit(struct ssh *);
211 int kex_input_kexinit(int, u_int32_t, struct ssh *);
212 int kex_input_ext_info(int, u_int32_t, struct ssh *);
213 int kex_protocol_error(int, u_int32_t, struct ssh *);
214 int kex_derive_keys(struct ssh *, u_char *, u_int, const struct sshbuf *);
215 int kex_send_newkeys(struct ssh *);
216 int kex_start_rekex(struct ssh *);
217 
218 int kexgex_client(struct ssh *);
219 int kexgex_server(struct ssh *);
220 int kex_gen_client(struct ssh *);
221 int kex_gen_server(struct ssh *);
222 #if defined(GSSAPI) && defined(WITH_OPENSSL)
223 int kexgssgex_client(struct ssh *);
224 int kexgssgex_server(struct ssh *);
225 int kexgss_client(struct ssh *);
226 int kexgss_server(struct ssh *);
227 #endif
228 
229 void newkeys_destroy(struct newkeys *newkeys);
230 
231 int kex_dh_keypair(struct kex *);
232 int kex_dh_enc(struct kex *, const struct sshbuf *, struct sshbuf **,
233  struct sshbuf **);
234 int kex_dh_dec(struct kex *, const struct sshbuf *, struct sshbuf **);
235 
236 int kex_ecdh_keypair(struct kex *);
237 int kex_ecdh_enc(struct kex *, const struct sshbuf *, struct sshbuf **,
238  struct sshbuf **);
239 int kex_ecdh_dec(struct kex *, const struct sshbuf *, struct sshbuf **);
240 
241 int kex_c25519_keypair(struct kex *);
242 int kex_c25519_enc(struct kex *, const struct sshbuf *, struct sshbuf **,
243  struct sshbuf **);
244 int kex_c25519_dec(struct kex *, const struct sshbuf *, struct sshbuf **);
245 
246 int kex_kem_sntrup761x25519_keypair(struct kex *);
247 int kex_kem_sntrup761x25519_enc(struct kex *, const struct sshbuf *,
248  struct sshbuf **, struct sshbuf **);
249 int kex_kem_sntrup761x25519_dec(struct kex *, const struct sshbuf *,
250  struct sshbuf **);
251 
252 int kex_dh_keygen(struct kex *);
253 int kex_dh_compute_key(struct kex *, BIGNUM *, struct sshbuf *);
254 
255 int kexgex_hash(int, const struct sshbuf *, const struct sshbuf *,
256  const struct sshbuf *, const struct sshbuf *, const struct sshbuf *,
257  int, int, int,
258  const BIGNUM *, const BIGNUM *, const BIGNUM *,
259  const BIGNUM *, const u_char *, size_t,
260  u_char *, size_t *);
261 
262 int kex_gen_hash(int hash_alg, const struct sshbuf *client_version,
263  const struct sshbuf *server_version, const struct sshbuf *client_kexinit,
264  const struct sshbuf *server_kexinit, const struct sshbuf *server_host_key_blob,
265  const struct sshbuf *client_pub, const struct sshbuf *server_pub,
266  const struct sshbuf *shared_secret, u_char *hash, size_t *hashlen);
267 
268 void kexc25519_keygen(u_char key[CURVE25519_SIZE], u_char pub[CURVE25519_SIZE])
269  __attribute__((__bounded__(__minbytes__, 1, CURVE25519_SIZE)))
270  __attribute__((__bounded__(__minbytes__, 2, CURVE25519_SIZE)));
271 int kexc25519_shared_key(const u_char key[CURVE25519_SIZE],
272  const u_char pub[CURVE25519_SIZE], struct sshbuf *out)
273  __attribute__((__bounded__(__minbytes__, 1, CURVE25519_SIZE)))
274  __attribute__((__bounded__(__minbytes__, 2, CURVE25519_SIZE)));
275 int kexc25519_shared_key_ext(const u_char key[CURVE25519_SIZE],
276  const u_char pub[CURVE25519_SIZE], struct sshbuf *out, int)
277  __attribute__((__bounded__(__minbytes__, 1, CURVE25519_SIZE)))
278  __attribute__((__bounded__(__minbytes__, 2, CURVE25519_SIZE)));
279 
280 #if defined(DEBUG_KEX) || defined(DEBUG_KEXDH) || defined(DEBUG_KEXECDH)
281 void dump_digest(const char *, const u_char *, int);
282 #endif
283 
284 #if !defined(WITH_OPENSSL) || !defined(OPENSSL_HAS_ECC)
285 # undef EC_KEY
286 # undef EC_GROUP
287 # undef EC_POINT
288 #endif
289 
290 #endif