crypto/openssh/kex.h

264377Sdes/* $OpenBSD: kex.h,v 1.62 2014/01/27 18:58:14 markus Exp $ */
224638Sbrooks/* $FreeBSD$ */
76259Sgreen
60573Skris/*
92555Sdes * Copyright (c) 2000, 2001 Markus Friedl.  All rights reserved.
60573Skris *
60573Skris * Redistribution and use in source and binary forms, with or without
60573Skris * modification, are permitted provided that the following conditions
60573Skris * are met:
60573Skris * 1. Redistributions of source code must retain the above copyright
60573Skris *    notice, this list of conditions and the following disclaimer.
60573Skris * 2. Redistributions in binary form must reproduce the above copyright
60573Skris *    notice, this list of conditions and the following disclaimer in the
60573Skris *    documentation and/or other materials provided with the distribution.
60573Skris *
60573Skris * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
60573Skris * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
60573Skris * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
60573Skris * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
60573Skris * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
60573Skris * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
60573Skris * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
60573Skris * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
60573Skris * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
60573Skris * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
60573Skris */
60573Skris#ifndef KEX_H
60573Skris#define KEX_H
60573Skris
162852Sdes#include <signal.h>
76259Sgreen#include <openssl/evp.h>
181111Sdes#include <openssl/hmac.h>
221420Sdes#ifdef OPENSSL_HAS_ECC
221420Sdes#include <openssl/ec.h>
221420Sdes#endif
76259Sgreen
197679Sdes#define KEX_COOKIE_LEN	16
197679Sdes
157016Sdes#define	KEX_DH1			"diffie-hellman-group1-sha1"
157016Sdes#define	KEX_DH14		"diffie-hellman-group14-sha1"
157016Sdes#define	KEX_DHGEX_SHA1		"diffie-hellman-group-exchange-sha1"
162852Sdes#define	KEX_DHGEX_SHA256	"diffie-hellman-group-exchange-sha256"
204917Sdes#define	KEX_RESUME		"resume@appgate.com"
255767Sdes#define	KEX_ECDH_SHA2_NISTP256	"ecdh-sha2-nistp256"
255767Sdes#define	KEX_ECDH_SHA2_NISTP384	"ecdh-sha2-nistp384"
255767Sdes#define	KEX_ECDH_SHA2_NISTP521	"ecdh-sha2-nistp521"
262566Sdes#define	KEX_CURVE25519_SHA256	"curve25519-sha256@libssh.org"
60573Skris
149749Sdes#define COMP_NONE	0
149749Sdes#define COMP_ZLIB	1
149749Sdes#define COMP_DELAYED	2
149749Sdes
60573Skrisenum kex_init_proposals {
60573Skris	PROPOSAL_KEX_ALGS,
60573Skris	PROPOSAL_SERVER_HOST_KEY_ALGS,
60573Skris	PROPOSAL_ENC_ALGS_CTOS,
60573Skris	PROPOSAL_ENC_ALGS_STOC,
60573Skris	PROPOSAL_MAC_ALGS_CTOS,
60573Skris	PROPOSAL_MAC_ALGS_STOC,
60573Skris	PROPOSAL_COMP_ALGS_CTOS,
60573Skris	PROPOSAL_COMP_ALGS_STOC,
60573Skris	PROPOSAL_LANG_CTOS,
60573Skris	PROPOSAL_LANG_STOC,
60573Skris	PROPOSAL_MAX
60573Skris};
60573Skris
60573Skrisenum kex_modes {
60573Skris	MODE_IN,
60573Skris	MODE_OUT,
60573Skris	MODE_MAX
60573Skris};
60573Skris
69587Sgreenenum kex_exchange {
113908Sdes	KEX_DH_GRP1_SHA1,
137015Sdes	KEX_DH_GRP14_SHA1,
113908Sdes	KEX_DH_GEX_SHA1,
162852Sdes	KEX_DH_GEX_SHA256,
221420Sdes	KEX_ECDH_SHA2,
262566Sdes	KEX_C25519_SHA256,
113908Sdes	KEX_MAX
69587Sgreen};
76259Sgreen
76259Sgreen#define KEX_INIT_SENT	0x0001
76259Sgreen
60573Skristypedef struct Kex Kex;
60573Skristypedef struct Mac Mac;
60573Skristypedef struct Comp Comp;
60573Skristypedef struct Enc Enc;
76259Sgreentypedef struct Newkeys Newkeys;
60573Skris
60573Skrisstruct Enc {
76259Sgreen	char	*name;
255767Sdes	const Cipher *cipher;
76259Sgreen	int	enabled;
92555Sdes	u_int	key_len;
248619Sdes	u_int	iv_len;
92555Sdes	u_int	block_size;
76259Sgreen	u_char	*key;
76259Sgreen	u_char	*iv;
60573Skris};
60573Skrisstruct Mac {
76259Sgreen	char	*name;
76259Sgreen	int	enabled;
149749Sdes	u_int	mac_len;
76259Sgreen	u_char	*key;
149749Sdes	u_int	key_len;
181111Sdes	int	type;
248619Sdes	int	etm;		/* Encrypt-then-MAC */
264377Sdes	struct ssh_hmac_ctx	*hmac_ctx;
264377Sdes	struct umac_ctx		*umac_ctx;
60573Skris};
60573Skrisstruct Comp {
76259Sgreen	int	type;
76259Sgreen	int	enabled;
76259Sgreen	char	*name;
60573Skris};
76259Sgreenstruct Newkeys {
76259Sgreen	Enc	enc;
76259Sgreen	Mac	mac;
76259Sgreen	Comp	comp;
76259Sgreen};
60573Skrisstruct Kex {
76259Sgreen	u_char	*session_id;
106121Sdes	u_int	session_id_len;
76259Sgreen	Newkeys	*newkeys[MODE_MAX];
149749Sdes	u_int	we_need;
262566Sdes	u_int	dh_need;
76259Sgreen	int	server;
76259Sgreen	char	*name;
76259Sgreen	int	hostkey_type;
76259Sgreen	int	kex_type;
204917Sdes	int	roaming;
76259Sgreen	Buffer	my;
76259Sgreen	Buffer	peer;
162852Sdes	sig_atomic_t done;
76259Sgreen	int	flags;
262566Sdes	int	hash_alg;
255767Sdes	int	ec_nid;
76259Sgreen	char	*client_version_string;
76259Sgreen	char	*server_version_string;
92555Sdes	int	(*verify_host_key)(Key *);
204917Sdes	Key	*(*load_host_public_key)(int);
204917Sdes	Key	*(*load_host_private_key)(int);
98675Sdes	int	(*host_key_index)(Key *);
255767Sdes	void    (*sign)(Key *, Key *, u_char **, u_int *, u_char *, u_int);
113908Sdes	void	(*kex[KEX_MAX])(Kex *);
60573Skris};
60573Skris
221420Sdesint	 kex_names_valid(const char *);
262566Sdeschar	*kex_alg_list(char);
221420Sdes
224638Sbrooks#ifdef	NONE_CIPHER_ENABLED
224638Sbrooksvoid	 kex_prop2buf(Buffer *, char *[PROPOSAL_MAX]);
224638Sbrooks#endif
224638Sbrooks
92555SdesKex	*kex_setup(char *[PROPOSAL_MAX]);
92555Sdesvoid	 kex_finish(Kex *);
60573Skris
92555Sdesvoid	 kex_send_kexinit(Kex *);
92555Sdesvoid	 kex_input_kexinit(int, u_int32_t, void *);
262566Sdesvoid	 kex_derive_keys(Kex *, u_char *, u_int, const u_char *, u_int);
262566Sdesvoid	 kex_derive_keys_bn(Kex *, u_char *, u_int, const BIGNUM *);
60573Skris
92555SdesNewkeys *kex_get_newkeys(int);
76259Sgreen
113908Sdesvoid	 kexdh_client(Kex *);
113908Sdesvoid	 kexdh_server(Kex *);
113908Sdesvoid	 kexgex_client(Kex *);
113908Sdesvoid	 kexgex_server(Kex *);
221420Sdesvoid	 kexecdh_client(Kex *);
221420Sdesvoid	 kexecdh_server(Kex *);
262566Sdesvoid	 kexc25519_client(Kex *);
262566Sdesvoid	 kexc25519_server(Kex *);
113908Sdes
157016Sdesvoid
113908Sdeskex_dh_hash(char *, char *, char *, int, char *, int, u_char *, int,
157016Sdes    BIGNUM *, BIGNUM *, BIGNUM *, u_char **, u_int *);
157016Sdesvoid
262566Sdeskexgex_hash(int, char *, char *, char *, int, char *,
162852Sdes    int, u_char *, int, int, int, int, BIGNUM *, BIGNUM *, BIGNUM *,
157016Sdes    BIGNUM *, BIGNUM *, u_char **, u_int *);
221420Sdes#ifdef OPENSSL_HAS_ECC
221420Sdesvoid
262566Sdeskex_ecdh_hash(int, const EC_GROUP *, char *, char *, char *, int,
221420Sdes    char *, int, u_char *, int, const EC_POINT *, const EC_POINT *,
221420Sdes    const BIGNUM *, u_char **, u_int *);
221420Sdes#endif
262566Sdesvoid
262566Sdeskex_c25519_hash(int, char *, char *, char *, int,
262566Sdes    char *, int, u_char *, int, const u_char *, const u_char *,
262566Sdes    const u_char *, u_int, u_char **, u_int *);
113908Sdes
262566Sdes#define CURVE25519_SIZE 32
262566Sdesvoid	kexc25519_keygen(u_char[CURVE25519_SIZE], u_char[CURVE25519_SIZE])
262566Sdes	__attribute__((__bounded__(__minbytes__, 1, CURVE25519_SIZE)))
262566Sdes	__attribute__((__bounded__(__minbytes__, 2, CURVE25519_SIZE)));
262566Sdesvoid kexc25519_shared_key(const u_char key[CURVE25519_SIZE],
262566Sdes    const u_char pub[CURVE25519_SIZE], Buffer *out)
262566Sdes	__attribute__((__bounded__(__minbytes__, 1, CURVE25519_SIZE)))
262566Sdes	__attribute__((__bounded__(__minbytes__, 2, CURVE25519_SIZE)));
262566Sdes
137015Sdesvoid
137015Sdesderive_ssh1_session_id(BIGNUM *, BIGNUM *, u_int8_t[8], u_int8_t[16]);
137015Sdes
221420Sdes#if defined(DEBUG_KEX) || defined(DEBUG_KEXDH) || defined(DEBUG_KEXECDH)
92555Sdesvoid	dump_digest(char *, u_char *, int);
60573Skris#endif
76259Sgreen
76259Sgreen#endif