upstream commit

adapt kex to sshbuf and struct ssh; ok djm@
author: markus@openbsd.org <markus@openbsd.org> 2015-01-19 20:16:15 +0000
committer: Damien Miller <djm@mindrot.org> 2015-01-20 09:19:39 +1100
commit: 57d10cbe861a235dd269c74fb2fe248469ecee9d (patch)
tree: c65deed24700490bd3b20300c4829d4d5466ff6d /kex.h
parent: 3fdc88a0def4f86aa88a5846ac079dc964c0546a (diff)
1 files changed, 70 insertions, 57 deletions
diff --git a/kex.h b/kex.h
index 1f7c824b6..1798eea4d 100644
--- a/kex.h
+++ b/kex.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: kex.h,v 1.68 2015/01/19 20:07:45 markus Exp $ */
+/* $OpenBSD: kex.h,v 1.69 2015/01/19 20:16:15 markus Exp $ */
 /*
 * Copyright (c) 2000, 2001 Markus Friedl.  All rights reserved.
@@ -30,8 +30,8 @@
 #include "buffer.h" /* XXX for typedef */
 #include "key.h" /* XXX for typedef */
-#if defined(WITH_OPENSSL) && defined(OPENSSL_HAS_ECC)
+#ifdef WITH_LEAKMALLOC
-#include <openssl/ec.h>
+#include "leakmalloc.h"
 #endif
 #define KEX_COOKIE_LEN  16
@@ -50,6 +50,8 @@
 #define COMP_ZLIB       1
 #define COMP_DELAYED    2
+#define CURVE25519_SIZE 32
 enum kex_init_proposals {
        PROPOSAL_KEX_ALGS,
        PROPOSAL_SERVER_HOST_KEY_ALGS,
@@ -82,12 +84,6 @@ enum kex_exchange {
 #define KEX_INIT_SENT   0x0001
-typedef struct kex Kex;
-typedef struct sshcomp Comp;
-typedef struct sshmac Mac;
-typedef struct sshenc Enc;
-typedef struct newkeys Newkeys;
 struct sshenc {
        char    *name;
        const struct sshcipher *cipher;
@@ -106,8 +102,11 @@ struct sshcomp {
 struct newkeys {
        struct sshenc   enc;
        struct sshmac   mac;
-        struct sshcomp  comp;
+        struct sshcomp  comp;
 };
+struct ssh;
 struct kex {
        u_char  *session_id;
        size_t  session_id_len;
@@ -117,73 +116,87 @@ struct kex {
        int     server;
        char    *name;
        int     hostkey_type;
-        int     kex_type;
+        u_int   kex_type;
        int     roaming;
        struct sshbuf *my;
        struct sshbuf *peer;
        sig_atomic_t done;
-        int     flags;
+        u_int   flags;
        int     hash_alg;
        int     ec_nid;
        char    *client_version_string;
        char    *server_version_string;
-        int     (*verify_host_key)(Key *);
+        int     (*verify_host_key)(struct sshkey *, struct ssh *);
-        Key     *(*load_host_public_key)(int);
+        struct sshkey *(*load_host_public_key)(int, struct ssh *);
-        Key     *(*load_host_private_key)(int);
+        struct sshkey *(*load_host_private_key)(int, struct ssh *);
-        int     (*host_key_index)(Key *);
+        int     (*host_key_index)(struct sshkey *, struct ssh *);
-        void    (*sign)(Key *, Key *, u_char **, u_int *, u_char *, u_int);
+        int     (*sign)(struct sshkey *, struct sshkey *,
-        void    (*kex[KEX_MAX])(Kex *);
+            u_char **, size_t *, u_char *, size_t, u_int);
+        int     (*kex[KEX_MAX])(struct ssh *);
+        /* kex specific state */
+        DH      *dh;                    /* DH */
+        u_int   min, max, nbits;        /* GEX */
+        EC_KEY  *ec_client_key;         /* ECDH */
+        const EC_GROUP *ec_group;       /* ECDH */
+        u_char c25519_client_key[CURVE25519_SIZE]; /* 25519 */
+        u_char c25519_client_pubkey[CURVE25519_SIZE]; /* 25519 */
 };
 int      kex_names_valid(const char *);
 char    *kex_alg_list(char);
-Kex     *kex_setup(char *[PROPOSAL_MAX]);
+int      kex_new(struct ssh *, char *[PROPOSAL_MAX], struct kex **);
-void     kex_finish(Kex *);
+int      kex_setup(struct ssh *, char *[PROPOSAL_MAX]);
-void     kex_free_newkeys(struct newkeys *);
+void     kex_free_newkeys(struct newkeys *);
+void     kex_free(struct kex *);
-void     kex_send_kexinit(Kex *);
+int      kex_buf2prop(struct sshbuf *, int *, char ***);
-int      kex_input_kexinit(int, u_int32_t, void *);
+int      kex_prop2buf(struct sshbuf *, char *proposal[PROPOSAL_MAX]);
-void     kex_derive_keys(Kex *, u_char *, u_int, const u_char *, u_int);
+void     kex_prop_free(char **);
-void     kex_derive_keys_bn(Kex *, u_char *, u_int, const BIGNUM *);
-void     kexdh_client(Kex *);
-void     kexdh_server(Kex *);
-void     kexgex_client(Kex *);
-void     kexgex_server(Kex *);
-void     kexecdh_client(Kex *);
-void     kexecdh_server(Kex *);
-void     kexc25519_client(Kex *);
-void     kexc25519_server(Kex *);
-void
-kex_dh_hash(char *, char *, char *, int, char *, int, u_char *, int,
-    BIGNUM *, BIGNUM *, BIGNUM *, u_char **, u_int *);
-void
-kexgex_hash(int, char *, char *, char *, int, char *,
-    int, u_char *, int, int, int, int, BIGNUM *, BIGNUM *, BIGNUM *,
-    BIGNUM *, BIGNUM *, u_char **, u_int *);
-#ifdef OPENSSL_HAS_ECC
-void
-kex_ecdh_hash(int, const EC_GROUP *, char *, char *, char *, int,
-    char *, int, u_char *, int, const EC_POINT *, const EC_POINT *,
-    const BIGNUM *, u_char **, u_int *);
-#endif
-void
-kex_c25519_hash(int, char *, char *, char *, int,
-    char *, int, u_char *, int, const u_char *, const u_char *,
-    const u_char *, u_int, u_char **, u_int *);
-#define CURVE25519_SIZE 32
+int      kex_send_kexinit(struct ssh *);
-void    kexc25519_keygen(u_char[CURVE25519_SIZE], u_char[CURVE25519_SIZE])
+int      kex_input_kexinit(int, u_int32_t, void *);
+int      kex_derive_keys(struct ssh *, u_char *, u_int, const struct sshbuf *);
+int      kex_derive_keys_bn(struct ssh *, u_char *, u_int, const BIGNUM *);
+int      kex_send_newkeys(struct ssh *);
+int      kexdh_client(struct ssh *);
+int      kexdh_server(struct ssh *);
+int      kexgex_client(struct ssh *);
+int      kexgex_server(struct ssh *);
+int      kexecdh_client(struct ssh *);
+int      kexecdh_server(struct ssh *);
+int      kexc25519_client(struct ssh *);
+int      kexc25519_server(struct ssh *);
+int      kex_dh_hash(const char *, const char *,
+    const u_char *, size_t, const u_char *, size_t, const u_char *, size_t,
+    const BIGNUM *, const BIGNUM *, const BIGNUM *, u_char *, size_t *);
+int      kexgex_hash(int, const char *, const char *,
+    const u_char *, size_t, const u_char *, size_t, const u_char *, size_t,
+    int, int, int,
+    const BIGNUM *, const BIGNUM *, const BIGNUM *,
+    const BIGNUM *, const BIGNUM *,
+    u_char *, size_t *);
+int kex_ecdh_hash(int, const EC_GROUP *, const char *, const char *,
+    const u_char *, size_t, const u_char *, size_t, const u_char *, size_t,
+    const EC_POINT *, const EC_POINT *, const BIGNUM *, u_char *, size_t *);
+int      kex_c25519_hash(int, const char *, const char *, const char *, size_t,
+    const char *, size_t, const u_char *, size_t, const u_char *, const u_char *,
+    const u_char *, size_t, u_char *, size_t *);
+void    kexc25519_keygen(u_char key[CURVE25519_SIZE], u_char pub[CURVE25519_SIZE])
        __attribute__((__bounded__(__minbytes__, 1, CURVE25519_SIZE)))
        __attribute__((__bounded__(__minbytes__, 2, CURVE25519_SIZE)));
-void kexc25519_shared_key(const u_char key[CURVE25519_SIZE],
+int     kexc25519_shared_key(const u_char key[CURVE25519_SIZE],
-    const u_char pub[CURVE25519_SIZE], Buffer *out)
+    const u_char pub[CURVE25519_SIZE], struct sshbuf *out)
        __attribute__((__bounded__(__minbytes__, 1, CURVE25519_SIZE)))
        __attribute__((__bounded__(__minbytes__, 2, CURVE25519_SIZE)));
-void
+int
 derive_ssh1_session_id(BIGNUM *, BIGNUM *, u_int8_t[8], u_int8_t[16]);
 #if defined(DEBUG_KEX) || defined(DEBUG_KEXDH) || defined(DEBUG_KEXECDH)
author	markus@openbsd.org <markus@openbsd.org>	2015-01-19 20:16:15 +0000
committer	Damien Miller <djm@mindrot.org>	2015-01-20 09:19:39 +1100
commit	57d10cbe861a235dd269c74fb2fe248469ecee9d (patch)
tree	c65deed24700490bd3b20300c4829d4d5466ff6d /kex.h
parent	3fdc88a0def4f86aa88a5846ac079dc964c0546a (diff)