api/6.2.1629922860/kex_8h_source.html

/* $OpenBSD: kex.h,v 1.114 2021/01/31 22:55:29 djm Exp $ */


/*

 * Copyright (c) 2000, 2001 Markus Friedl.  All rights reserved.

 *

 * Redistribution and use in source and binary forms, with or without

 * modification, are permitted provided that the following conditions

 * are met:

 * 1. Redistributions of source code must retain the above copyright

 *    notice, this list of conditions and the following disclaimer.

 * 2. Redistributions in binary form must reproduce the above copyright

 *    notice, this list of conditions and the following disclaimer in the

 *    documentation and/or other materials provided with the distribution.

 *

 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR

 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES

 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.

 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,

 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,

 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY

 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT

 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF

 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

 */

#ifndef KEX_H

#define KEX_H


#include "mac.h"

#include "crypto_api.h"


#ifdef WITH_OPENSSL

# include <openssl/bn.h>

# include <openssl/dh.h>

# include <openssl/ecdsa.h>

# ifdef OPENSSL_HAS_ECC

#  include <openssl/ec.h>

# else /* OPENSSL_HAS_ECC */

#  define EC_KEY    void

#  define EC_GROUP  void

#  define EC_POINT  void

# endif /* OPENSSL_HAS_ECC */

#else /* WITH_OPENSSL */

# define DH     void

# define BIGNUM     void

# define EC_KEY     void

# define EC_GROUP   void

# define EC_POINT   void

#endif /* WITH_OPENSSL */


#define KEX_COOKIE_LEN  16


#define KEX_DH1             "diffie-hellman-group1-sha1"

#define KEX_DH14_SHA1           "diffie-hellman-group14-sha1"

#define KEX_DH14_SHA256         "diffie-hellman-group14-sha256"

#define KEX_DH16_SHA512         "diffie-hellman-group16-sha512"

#define KEX_DH18_SHA512         "diffie-hellman-group18-sha512"

#define KEX_DHGEX_SHA1          "diffie-hellman-group-exchange-sha1"

#define KEX_DHGEX_SHA256        "diffie-hellman-group-exchange-sha256"

#define KEX_ECDH_SHA2_NISTP256      "ecdh-sha2-nistp256"

#define KEX_ECDH_SHA2_NISTP384      "ecdh-sha2-nistp384"

#define KEX_ECDH_SHA2_NISTP521      "ecdh-sha2-nistp521"

#define KEX_CURVE25519_SHA256       "curve25519-sha256"

#define KEX_CURVE25519_SHA256_OLD   "curve25519-sha256@libssh.org"

#define KEX_SNTRUP761X25519_SHA512  "sntrup761x25519-sha512@openssh.com"


#define COMP_NONE   0

/* pre-auth compression (COMP_ZLIB) is only supported in the client */

#define COMP_ZLIB   1

#define COMP_DELAYED    2


#define CURVE25519_SIZE 32


enum kex_init_proposals {

    PROPOSAL_KEX_ALGS,

    PROPOSAL_SERVER_HOST_KEY_ALGS,

    PROPOSAL_ENC_ALGS_CTOS,

    PROPOSAL_ENC_ALGS_STOC,

    PROPOSAL_MAC_ALGS_CTOS,

    PROPOSAL_MAC_ALGS_STOC,

    PROPOSAL_COMP_ALGS_CTOS,

    PROPOSAL_COMP_ALGS_STOC,

    PROPOSAL_LANG_CTOS,

    PROPOSAL_LANG_STOC,

    PROPOSAL_MAX

};


enum kex_modes {

    MODE_IN,

    MODE_OUT,

    MODE_MAX

};


enum kex_exchange {

    KEX_DH_GRP1_SHA1,

    KEX_DH_GRP14_SHA1,

    KEX_DH_GRP14_SHA256,

    KEX_DH_GRP16_SHA512,

    KEX_DH_GRP18_SHA512,

    KEX_DH_GEX_SHA1,

    KEX_DH_GEX_SHA256,

    KEX_ECDH_SHA2,

    KEX_C25519_SHA256,

    KEX_KEM_SNTRUP761X25519_SHA512,

#ifdef GSSAPI

    KEX_GSS_GRP1_SHA1,

    KEX_GSS_GRP14_SHA1,

    KEX_GSS_GRP14_SHA256,

    KEX_GSS_GRP16_SHA512,

    KEX_GSS_GEX_SHA1,

    KEX_GSS_NISTP256_SHA256,

    KEX_GSS_C25519_SHA256,

#endif

    KEX_MAX

};


#define KEX_INIT_SENT   0x0001

#define KEX_INITIAL 0x0002


struct sshenc {

    char    *name;

    const struct sshcipher *cipher;

    int enabled;

    u_int   key_len;

    u_int   iv_len;

    u_int   block_size;

    u_char  *key;

    u_char  *iv;

};

struct sshcomp {

    u_int   type;

    int enabled;

    char    *name;

};

struct newkeys {

    struct sshenc   enc;

    struct sshmac   mac;

    struct sshcomp  comp;

};


struct ssh;


struct kex {

    struct newkeys  *newkeys[MODE_MAX];

    u_int   we_need;

    u_int   dh_need;

    int server;

    char    *name;

    char    *hostkey_alg;

    int hostkey_type;

    int hostkey_nid;

    u_int   kex_type;

    char    *server_sig_algs;

    int ext_info_c;

    struct sshbuf *my;

    struct sshbuf *peer;

    struct sshbuf *client_version;

    struct sshbuf *server_version;

    struct sshbuf *session_id;

    sig_atomic_t done;

    u_int   flags;

    int hash_alg;

    int ec_nid;

#ifdef GSSAPI

    int gss_deleg_creds;

    int gss_trust_dns;

    char    *gss_host;

    char    *gss_client;

#endif

    char    *failed_choice;

    int (*verify_host_key)(struct sshkey *, struct ssh *);

    struct sshkey *(*load_host_public_key)(int, int, struct ssh *);

    struct sshkey *(*load_host_private_key)(int, int, struct ssh *);

    int (*host_key_index)(struct sshkey *, int, struct ssh *);

    int (*sign)(struct ssh *, struct sshkey *, struct sshkey *,

        u_char **, size_t *, const u_char *, size_t, const char *);

    int (*kex[KEX_MAX])(struct ssh *);

    /* kex specific state */

    DH  *dh;            /* DH */

    u_int   min, max, nbits;    /* GEX */

    EC_KEY  *ec_client_key;     /* ECDH */

    const EC_GROUP *ec_group;   /* ECDH */

    u_char c25519_client_key[CURVE25519_SIZE]; /* 25519 + KEM */

    u_char c25519_client_pubkey[CURVE25519_SIZE]; /* 25519 */

    u_char sntrup761_client_key[crypto_kem_sntrup761_SECRETKEYBYTES]; /* KEM */

    struct sshbuf *client_pub;

};


int  kex_names_valid(const char *);

char    *kex_alg_list(char);

char    *kex_gss_alg_list(char);

char    *kex_names_cat(const char *, const char *);

int  kex_assemble_names(char **, const char *, const char *);

int  kex_gss_names_valid(const char *);


int  kex_exchange_identification(struct ssh *, int, const char *);


struct kex *kex_new(void);

int  kex_ready(struct ssh *, char *[PROPOSAL_MAX]);

int  kex_setup(struct ssh *, char *[PROPOSAL_MAX]);

void     kex_free_newkeys(struct newkeys *);

void     kex_free(struct kex *);


int  kex_buf2prop(struct sshbuf *, int *, char ***);

int  kex_prop2buf(struct sshbuf *, char *proposal[PROPOSAL_MAX]);

void     kex_prop_free(char **);

int  kex_load_hostkey(struct ssh *, struct sshkey **, struct sshkey **);

int  kex_verify_host_key(struct ssh *, struct sshkey *);


int  kex_send_kexinit(struct ssh *);

int  kex_input_kexinit(int, u_int32_t, struct ssh *);

int  kex_input_ext_info(int, u_int32_t, struct ssh *);

int  kex_protocol_error(int, u_int32_t, struct ssh *);

int  kex_derive_keys(struct ssh *, u_char *, u_int, const struct sshbuf *);

int  kex_send_newkeys(struct ssh *);

int  kex_start_rekex(struct ssh *);


int  kexgex_client(struct ssh *);

int  kexgex_server(struct ssh *);

int  kex_gen_client(struct ssh *);

int  kex_gen_server(struct ssh *);

#if defined(GSSAPI) && defined(WITH_OPENSSL)

int  kexgssgex_client(struct ssh *);

int  kexgssgex_server(struct ssh *);

int  kexgss_client(struct ssh *);

int  kexgss_server(struct ssh *);

#endif


void    newkeys_destroy(struct newkeys *newkeys);


int  kex_dh_keypair(struct kex *);

int  kex_dh_enc(struct kex *, const struct sshbuf *, struct sshbuf **,

    struct sshbuf **);

int  kex_dh_dec(struct kex *, const struct sshbuf *, struct sshbuf **);


int  kex_ecdh_keypair(struct kex *);

int  kex_ecdh_enc(struct kex *, const struct sshbuf *, struct sshbuf **,

    struct sshbuf **);

int  kex_ecdh_dec(struct kex *, const struct sshbuf *, struct sshbuf **);


int  kex_c25519_keypair(struct kex *);

int  kex_c25519_enc(struct kex *, const struct sshbuf *, struct sshbuf **,

    struct sshbuf **);

int  kex_c25519_dec(struct kex *, const struct sshbuf *, struct sshbuf **);


int  kex_kem_sntrup761x25519_keypair(struct kex *);

int  kex_kem_sntrup761x25519_enc(struct kex *, const struct sshbuf *,

    struct sshbuf **, struct sshbuf **);

int  kex_kem_sntrup761x25519_dec(struct kex *, const struct sshbuf *,

    struct sshbuf **);


int  kex_dh_keygen(struct kex *);

int  kex_dh_compute_key(struct kex *, BIGNUM *, struct sshbuf *);


int  kexgex_hash(int, const struct sshbuf *, const struct sshbuf *,

    const struct sshbuf *, const struct sshbuf *, const struct sshbuf *,

    int, int, int,

    const BIGNUM *, const BIGNUM *, const BIGNUM *,

    const BIGNUM *, const u_char *, size_t,

    u_char *, size_t *);


int  kex_gen_hash(int hash_alg, const struct sshbuf *client_version,

    const struct sshbuf *server_version, const struct sshbuf *client_kexinit,

    const struct sshbuf *server_kexinit, const struct sshbuf *server_host_key_blob,

    const struct sshbuf *client_pub, const struct sshbuf *server_pub,

    const struct sshbuf *shared_secret, u_char *hash, size_t *hashlen);


void    kexc25519_keygen(u_char key[CURVE25519_SIZE], u_char pub[CURVE25519_SIZE])

    __attribute__((__bounded__(__minbytes__, 1, CURVE25519_SIZE)))

    __attribute__((__bounded__(__minbytes__, 2, CURVE25519_SIZE)));

int kexc25519_shared_key(const u_char key[CURVE25519_SIZE],

    const u_char pub[CURVE25519_SIZE], struct sshbuf *out)

    __attribute__((__bounded__(__minbytes__, 1, CURVE25519_SIZE)))

    __attribute__((__bounded__(__minbytes__, 2, CURVE25519_SIZE)));

int kexc25519_shared_key_ext(const u_char key[CURVE25519_SIZE],

    const u_char pub[CURVE25519_SIZE], struct sshbuf *out, int)

    __attribute__((__bounded__(__minbytes__, 1, CURVE25519_SIZE)))

    __attribute__((__bounded__(__minbytes__, 2, CURVE25519_SIZE)));


#if defined(DEBUG_KEX) || defined(DEBUG_KEXDH) || defined(DEBUG_KEXECDH)

void    dump_digest(const char *, const u_char *, int);

#endif


#if !defined(WITH_OPENSSL) || !defined(OPENSSL_HAS_ECC)

# undef EC_KEY

# undef EC_GROUP

# undef EC_POINT

#endif


#endif