diff options
author | markus@openbsd.org <markus@openbsd.org> | 2015-01-19 20:16:15 +0000 |
---|---|---|
committer | Damien Miller <djm@mindrot.org> | 2015-01-20 09:19:39 +1100 |
commit | 57d10cbe861a235dd269c74fb2fe248469ecee9d (patch) | |
tree | c65deed24700490bd3b20300c4829d4d5466ff6d /kex.h | |
parent | 3fdc88a0def4f86aa88a5846ac079dc964c0546a (diff) |
upstream commit
adapt kex to sshbuf and struct ssh; ok djm@
Diffstat (limited to 'kex.h')
-rw-r--r-- | kex.h | 127 |
1 files changed, 70 insertions, 57 deletions
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: kex.h,v 1.68 2015/01/19 20:07:45 markus Exp $ */ | 1 | /* $OpenBSD: kex.h,v 1.69 2015/01/19 20:16:15 markus Exp $ */ |
2 | 2 | ||
3 | /* | 3 | /* |
4 | * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. | 4 | * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. |
@@ -30,8 +30,8 @@ | |||
30 | #include "buffer.h" /* XXX for typedef */ | 30 | #include "buffer.h" /* XXX for typedef */ |
31 | #include "key.h" /* XXX for typedef */ | 31 | #include "key.h" /* XXX for typedef */ |
32 | 32 | ||
33 | #if defined(WITH_OPENSSL) && defined(OPENSSL_HAS_ECC) | 33 | #ifdef WITH_LEAKMALLOC |
34 | #include <openssl/ec.h> | 34 | #include "leakmalloc.h" |
35 | #endif | 35 | #endif |
36 | 36 | ||
37 | #define KEX_COOKIE_LEN 16 | 37 | #define KEX_COOKIE_LEN 16 |
@@ -50,6 +50,8 @@ | |||
50 | #define COMP_ZLIB 1 | 50 | #define COMP_ZLIB 1 |
51 | #define COMP_DELAYED 2 | 51 | #define COMP_DELAYED 2 |
52 | 52 | ||
53 | #define CURVE25519_SIZE 32 | ||
54 | |||
53 | enum kex_init_proposals { | 55 | enum kex_init_proposals { |
54 | PROPOSAL_KEX_ALGS, | 56 | PROPOSAL_KEX_ALGS, |
55 | PROPOSAL_SERVER_HOST_KEY_ALGS, | 57 | PROPOSAL_SERVER_HOST_KEY_ALGS, |
@@ -82,12 +84,6 @@ enum kex_exchange { | |||
82 | 84 | ||
83 | #define KEX_INIT_SENT 0x0001 | 85 | #define KEX_INIT_SENT 0x0001 |
84 | 86 | ||
85 | typedef struct kex Kex; | ||
86 | typedef struct sshcomp Comp; | ||
87 | typedef struct sshmac Mac; | ||
88 | typedef struct sshenc Enc; | ||
89 | typedef struct newkeys Newkeys; | ||
90 | |||
91 | struct sshenc { | 87 | struct sshenc { |
92 | char *name; | 88 | char *name; |
93 | const struct sshcipher *cipher; | 89 | const struct sshcipher *cipher; |
@@ -106,8 +102,11 @@ struct sshcomp { | |||
106 | struct newkeys { | 102 | struct newkeys { |
107 | struct sshenc enc; | 103 | struct sshenc enc; |
108 | struct sshmac mac; | 104 | struct sshmac mac; |
109 | struct sshcomp comp; | 105 | struct sshcomp comp; |
110 | }; | 106 | }; |
107 | |||
108 | struct ssh; | ||
109 | |||
111 | struct kex { | 110 | struct kex { |
112 | u_char *session_id; | 111 | u_char *session_id; |
113 | size_t session_id_len; | 112 | size_t session_id_len; |
@@ -117,73 +116,87 @@ struct kex { | |||
117 | int server; | 116 | int server; |
118 | char *name; | 117 | char *name; |
119 | int hostkey_type; | 118 | int hostkey_type; |
120 | int kex_type; | 119 | u_int kex_type; |
121 | int roaming; | 120 | int roaming; |
122 | struct sshbuf *my; | 121 | struct sshbuf *my; |
123 | struct sshbuf *peer; | 122 | struct sshbuf *peer; |
124 | sig_atomic_t done; | 123 | sig_atomic_t done; |
125 | int flags; | 124 | u_int flags; |
126 | int hash_alg; | 125 | int hash_alg; |
127 | int ec_nid; | 126 | int ec_nid; |
128 | char *client_version_string; | 127 | char *client_version_string; |
129 | char *server_version_string; | 128 | char *server_version_string; |
130 | int (*verify_host_key)(Key *); | 129 | int (*verify_host_key)(struct sshkey *, struct ssh *); |
131 | Key *(*load_host_public_key)(int); | 130 | struct sshkey *(*load_host_public_key)(int, struct ssh *); |
132 | Key *(*load_host_private_key)(int); | 131 | struct sshkey *(*load_host_private_key)(int, struct ssh *); |
133 | int (*host_key_index)(Key *); | 132 | int (*host_key_index)(struct sshkey *, struct ssh *); |
134 | void (*sign)(Key *, Key *, u_char **, u_int *, u_char *, u_int); | 133 | int (*sign)(struct sshkey *, struct sshkey *, |
135 | void (*kex[KEX_MAX])(Kex *); | 134 | u_char **, size_t *, u_char *, size_t, u_int); |
135 | int (*kex[KEX_MAX])(struct ssh *); | ||
136 | /* kex specific state */ | ||
137 | DH *dh; /* DH */ | ||
138 | u_int min, max, nbits; /* GEX */ | ||
139 | EC_KEY *ec_client_key; /* ECDH */ | ||
140 | const EC_GROUP *ec_group; /* ECDH */ | ||
141 | u_char c25519_client_key[CURVE25519_SIZE]; /* 25519 */ | ||
142 | u_char c25519_client_pubkey[CURVE25519_SIZE]; /* 25519 */ | ||
136 | }; | 143 | }; |
137 | 144 | ||
138 | int kex_names_valid(const char *); | 145 | int kex_names_valid(const char *); |
139 | char *kex_alg_list(char); | 146 | char *kex_alg_list(char); |
140 | 147 | ||
141 | Kex *kex_setup(char *[PROPOSAL_MAX]); | 148 | int kex_new(struct ssh *, char *[PROPOSAL_MAX], struct kex **); |
142 | void kex_finish(Kex *); | 149 | int kex_setup(struct ssh *, char *[PROPOSAL_MAX]); |
143 | void kex_free_newkeys(struct newkeys *); | 150 | void kex_free_newkeys(struct newkeys *); |
151 | void kex_free(struct kex *); | ||
144 | 152 | ||
145 | void kex_send_kexinit(Kex *); | 153 | int kex_buf2prop(struct sshbuf *, int *, char ***); |
146 | int kex_input_kexinit(int, u_int32_t, void *); | 154 | int kex_prop2buf(struct sshbuf *, char *proposal[PROPOSAL_MAX]); |
147 | void kex_derive_keys(Kex *, u_char *, u_int, const u_char *, u_int); | 155 | void kex_prop_free(char **); |
148 | void kex_derive_keys_bn(Kex *, u_char *, u_int, const BIGNUM *); | ||
149 | |||
150 | void kexdh_client(Kex *); | ||
151 | void kexdh_server(Kex *); | ||
152 | void kexgex_client(Kex *); | ||
153 | void kexgex_server(Kex *); | ||
154 | void kexecdh_client(Kex *); | ||
155 | void kexecdh_server(Kex *); | ||
156 | void kexc25519_client(Kex *); | ||
157 | void kexc25519_server(Kex *); | ||
158 | |||
159 | void | ||
160 | kex_dh_hash(char *, char *, char *, int, char *, int, u_char *, int, | ||
161 | BIGNUM *, BIGNUM *, BIGNUM *, u_char **, u_int *); | ||
162 | void | ||
163 | kexgex_hash(int, char *, char *, char *, int, char *, | ||
164 | int, u_char *, int, int, int, int, BIGNUM *, BIGNUM *, BIGNUM *, | ||
165 | BIGNUM *, BIGNUM *, u_char **, u_int *); | ||
166 | #ifdef OPENSSL_HAS_ECC | ||
167 | void | ||
168 | kex_ecdh_hash(int, const EC_GROUP *, char *, char *, char *, int, | ||
169 | char *, int, u_char *, int, const EC_POINT *, const EC_POINT *, | ||
170 | const BIGNUM *, u_char **, u_int *); | ||
171 | #endif | ||
172 | void | ||
173 | kex_c25519_hash(int, char *, char *, char *, int, | ||
174 | char *, int, u_char *, int, const u_char *, const u_char *, | ||
175 | const u_char *, u_int, u_char **, u_int *); | ||
176 | 156 | ||
177 | #define CURVE25519_SIZE 32 | 157 | int kex_send_kexinit(struct ssh *); |
178 | void kexc25519_keygen(u_char[CURVE25519_SIZE], u_char[CURVE25519_SIZE]) | 158 | int kex_input_kexinit(int, u_int32_t, void *); |
159 | int kex_derive_keys(struct ssh *, u_char *, u_int, const struct sshbuf *); | ||
160 | int kex_derive_keys_bn(struct ssh *, u_char *, u_int, const BIGNUM *); | ||
161 | int kex_send_newkeys(struct ssh *); | ||
162 | |||
163 | int kexdh_client(struct ssh *); | ||
164 | int kexdh_server(struct ssh *); | ||
165 | int kexgex_client(struct ssh *); | ||
166 | int kexgex_server(struct ssh *); | ||
167 | int kexecdh_client(struct ssh *); | ||
168 | int kexecdh_server(struct ssh *); | ||
169 | int kexc25519_client(struct ssh *); | ||
170 | int kexc25519_server(struct ssh *); | ||
171 | |||
172 | int kex_dh_hash(const char *, const char *, | ||
173 | const u_char *, size_t, const u_char *, size_t, const u_char *, size_t, | ||
174 | const BIGNUM *, const BIGNUM *, const BIGNUM *, u_char *, size_t *); | ||
175 | |||
176 | int kexgex_hash(int, const char *, const char *, | ||
177 | const u_char *, size_t, const u_char *, size_t, const u_char *, size_t, | ||
178 | int, int, int, | ||
179 | const BIGNUM *, const BIGNUM *, const BIGNUM *, | ||
180 | const BIGNUM *, const BIGNUM *, | ||
181 | u_char *, size_t *); | ||
182 | |||
183 | int kex_ecdh_hash(int, const EC_GROUP *, const char *, const char *, | ||
184 | const u_char *, size_t, const u_char *, size_t, const u_char *, size_t, | ||
185 | const EC_POINT *, const EC_POINT *, const BIGNUM *, u_char *, size_t *); | ||
186 | |||
187 | int kex_c25519_hash(int, const char *, const char *, const char *, size_t, | ||
188 | const char *, size_t, const u_char *, size_t, const u_char *, const u_char *, | ||
189 | const u_char *, size_t, u_char *, size_t *); | ||
190 | |||
191 | void kexc25519_keygen(u_char key[CURVE25519_SIZE], u_char pub[CURVE25519_SIZE]) | ||
179 | __attribute__((__bounded__(__minbytes__, 1, CURVE25519_SIZE))) | 192 | __attribute__((__bounded__(__minbytes__, 1, CURVE25519_SIZE))) |
180 | __attribute__((__bounded__(__minbytes__, 2, CURVE25519_SIZE))); | 193 | __attribute__((__bounded__(__minbytes__, 2, CURVE25519_SIZE))); |
181 | void kexc25519_shared_key(const u_char key[CURVE25519_SIZE], | 194 | int kexc25519_shared_key(const u_char key[CURVE25519_SIZE], |
182 | const u_char pub[CURVE25519_SIZE], Buffer *out) | 195 | const u_char pub[CURVE25519_SIZE], struct sshbuf *out) |
183 | __attribute__((__bounded__(__minbytes__, 1, CURVE25519_SIZE))) | 196 | __attribute__((__bounded__(__minbytes__, 1, CURVE25519_SIZE))) |
184 | __attribute__((__bounded__(__minbytes__, 2, CURVE25519_SIZE))); | 197 | __attribute__((__bounded__(__minbytes__, 2, CURVE25519_SIZE))); |
185 | 198 | ||
186 | void | 199 | int |
187 | derive_ssh1_session_id(BIGNUM *, BIGNUM *, u_int8_t[8], u_int8_t[16]); | 200 | derive_ssh1_session_id(BIGNUM *, BIGNUM *, u_int8_t[8], u_int8_t[16]); |
188 | 201 | ||
189 | #if defined(DEBUG_KEX) || defined(DEBUG_KEXDH) || defined(DEBUG_KEXECDH) | 202 | #if defined(DEBUG_KEX) || defined(DEBUG_KEXDH) || defined(DEBUG_KEXECDH) |