30 #include "crypto_api.h"
33 # include <openssl/bn.h>
34 # include <openssl/dh.h>
35 # include <openssl/ecdsa.h>
36 # ifdef OPENSSL_HAS_ECC
37 # include <openssl/ec.h>
40 # define EC_GROUP void
41 # define EC_POINT void
47 # define EC_GROUP void
48 # define EC_POINT void
51 #define KEX_COOKIE_LEN 16
53 #define KEX_DH1 "diffie-hellman-group1-sha1"
54 #define KEX_DH14_SHA1 "diffie-hellman-group14-sha1"
55 #define KEX_DH14_SHA256 "diffie-hellman-group14-sha256"
56 #define KEX_DH16_SHA512 "diffie-hellman-group16-sha512"
57 #define KEX_DH18_SHA512 "diffie-hellman-group18-sha512"
58 #define KEX_DHGEX_SHA1 "diffie-hellman-group-exchange-sha1"
59 #define KEX_DHGEX_SHA256 "diffie-hellman-group-exchange-sha256"
60 #define KEX_ECDH_SHA2_NISTP256 "ecdh-sha2-nistp256"
61 #define KEX_ECDH_SHA2_NISTP384 "ecdh-sha2-nistp384"
62 #define KEX_ECDH_SHA2_NISTP521 "ecdh-sha2-nistp521"
63 #define KEX_CURVE25519_SHA256 "curve25519-sha256"
64 #define KEX_CURVE25519_SHA256_OLD "curve25519-sha256@libssh.org"
65 #define KEX_SNTRUP761X25519_SHA512 "sntrup761x25519-sha512@openssh.com"
70 #define COMP_DELAYED 2
72 #define CURVE25519_SIZE 32
74 enum kex_init_proposals {
76 PROPOSAL_SERVER_HOST_KEY_ALGS,
77 PROPOSAL_ENC_ALGS_CTOS,
78 PROPOSAL_ENC_ALGS_STOC,
79 PROPOSAL_MAC_ALGS_CTOS,
80 PROPOSAL_MAC_ALGS_STOC,
81 PROPOSAL_COMP_ALGS_CTOS,
82 PROPOSAL_COMP_ALGS_STOC,
104 KEX_KEM_SNTRUP761X25519_SHA512,
108 KEX_GSS_GRP14_SHA256,
109 KEX_GSS_GRP16_SHA512,
111 KEX_GSS_NISTP256_SHA256,
112 KEX_GSS_C25519_SHA256,
117 #define KEX_INIT_SENT 0x0001
118 #define KEX_INITIAL 0x0002
122 const struct sshcipher *cipher;
144 struct newkeys *newkeys[MODE_MAX];
153 char *server_sig_algs;
157 struct sshbuf *client_version;
158 struct sshbuf *server_version;
159 struct sshbuf *session_id;
171 int (*verify_host_key)(
struct sshkey *,
struct ssh *);
172 struct sshkey *(*load_host_public_key)(int, int,
struct ssh *);
173 struct sshkey *(*load_host_private_key)(int, int,
struct ssh *);
174 int (*host_key_index)(
struct sshkey *, int,
struct ssh *);
175 int (*sign)(
struct ssh *,
struct sshkey *,
struct sshkey *,
176 u_char **,
size_t *,
const u_char *, size_t,
const char *);
177 int (*kex[KEX_MAX])(
struct ssh *);
180 u_int min, max, nbits;
181 EC_KEY *ec_client_key;
182 const EC_GROUP *ec_group;
183 u_char c25519_client_key[CURVE25519_SIZE];
184 u_char c25519_client_pubkey[CURVE25519_SIZE];
185 u_char sntrup761_client_key[crypto_kem_sntrup761_SECRETKEYBYTES];
186 struct sshbuf *client_pub;
189 int kex_names_valid(
const char *);
190 char *kex_alg_list(
char);
191 char *kex_gss_alg_list(
char);
192 char *kex_names_cat(
const char *,
const char *);
193 int kex_assemble_names(
char **,
const char *,
const char *);
194 int kex_gss_names_valid(
const char *);
196 int kex_exchange_identification(
struct ssh *,
int,
const char *);
198 struct kex *kex_new(
void);
199 int kex_ready(
struct ssh *,
char *[PROPOSAL_MAX]);
200 int kex_setup(
struct ssh *,
char *[PROPOSAL_MAX]);
201 void kex_free_newkeys(
struct newkeys *);
202 void kex_free(
struct kex *);
204 int kex_buf2prop(
struct sshbuf *,
int *,
char ***);
205 int kex_prop2buf(
struct sshbuf *,
char *proposal[PROPOSAL_MAX]);
206 void kex_prop_free(
char **);
207 int kex_load_hostkey(
struct ssh *,
struct sshkey **,
struct sshkey **);
208 int kex_verify_host_key(
struct ssh *,
struct sshkey *);
210 int kex_send_kexinit(
struct ssh *);
211 int kex_input_kexinit(
int, u_int32_t,
struct ssh *);
212 int kex_input_ext_info(
int, u_int32_t,
struct ssh *);
213 int kex_protocol_error(
int, u_int32_t,
struct ssh *);
214 int kex_derive_keys(
struct ssh *, u_char *, u_int,
const struct sshbuf *);
215 int kex_send_newkeys(
struct ssh *);
216 int kex_start_rekex(
struct ssh *);
218 int kexgex_client(
struct ssh *);
219 int kexgex_server(
struct ssh *);
220 int kex_gen_client(
struct ssh *);
221 int kex_gen_server(
struct ssh *);
222 #if defined(GSSAPI) && defined(WITH_OPENSSL)
223 int kexgssgex_client(
struct ssh *);
224 int kexgssgex_server(
struct ssh *);
225 int kexgss_client(
struct ssh *);
226 int kexgss_server(
struct ssh *);
229 void newkeys_destroy(
struct newkeys *newkeys);
231 int kex_dh_keypair(
struct kex *);
232 int kex_dh_enc(
struct kex *,
const struct sshbuf *,
struct sshbuf **,
234 int kex_dh_dec(
struct kex *,
const struct sshbuf *,
struct sshbuf **);
236 int kex_ecdh_keypair(
struct kex *);
237 int kex_ecdh_enc(
struct kex *,
const struct sshbuf *,
struct sshbuf **,
239 int kex_ecdh_dec(
struct kex *,
const struct sshbuf *,
struct sshbuf **);
241 int kex_c25519_keypair(
struct kex *);
242 int kex_c25519_enc(
struct kex *,
const struct sshbuf *,
struct sshbuf **,
244 int kex_c25519_dec(
struct kex *,
const struct sshbuf *,
struct sshbuf **);
246 int kex_kem_sntrup761x25519_keypair(
struct kex *);
247 int kex_kem_sntrup761x25519_enc(
struct kex *,
const struct sshbuf *,
248 struct sshbuf **,
struct sshbuf **);
249 int kex_kem_sntrup761x25519_dec(
struct kex *,
const struct sshbuf *,
252 int kex_dh_keygen(
struct kex *);
253 int kex_dh_compute_key(
struct kex *, BIGNUM *,
struct sshbuf *);
255 int kexgex_hash(
int,
const struct sshbuf *,
const struct sshbuf *,
256 const struct sshbuf *,
const struct sshbuf *,
const struct sshbuf *,
258 const BIGNUM *,
const BIGNUM *,
const BIGNUM *,
259 const BIGNUM *,
const u_char *,
size_t,
262 int kex_gen_hash(
int hash_alg,
const struct sshbuf *client_version,
263 const struct sshbuf *server_version,
const struct sshbuf *client_kexinit,
264 const struct sshbuf *server_kexinit,
const struct sshbuf *server_host_key_blob,
265 const struct sshbuf *client_pub,
const struct sshbuf *server_pub,
266 const struct sshbuf *shared_secret, u_char *hash,
size_t *hashlen);
268 void kexc25519_keygen(u_char key[CURVE25519_SIZE], u_char pub[CURVE25519_SIZE])
269 __attribute__((__bounded__(__minbytes__, 1, CURVE25519_SIZE)))
270 __attribute__((__bounded__(__minbytes__, 2, CURVE25519_SIZE)));
271 int kexc25519_shared_key(const u_char key[CURVE25519_SIZE],
272 const u_char pub[CURVE25519_SIZE], struct sshbuf *out)
273 __attribute__((__bounded__(__minbytes__, 1, CURVE25519_SIZE)))
274 __attribute__((__bounded__(__minbytes__, 2, CURVE25519_SIZE)));
275 int kexc25519_shared_key_ext(const u_char key[CURVE25519_SIZE],
276 const u_char pub[CURVE25519_SIZE], struct sshbuf *out,
int)
277 __attribute__((__bounded__(__minbytes__, 1, CURVE25519_SIZE)))
278 __attribute__((__bounded__(__minbytes__, 2, CURVE25519_SIZE)));
280 #if defined(DEBUG_KEX) || defined(DEBUG_KEXDH) || defined(DEBUG_KEXECDH)
281 void dump_digest(
const char *,
const u_char *,
int);
284 #if !defined(WITH_OPENSSL) || !defined(OPENSSL_HAS_ECC)