diff options
Diffstat (limited to 'kex.h')
-rw-r--r-- | kex.h | 81 |
1 files changed, 51 insertions, 30 deletions
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: kex.h,v 1.91 2018/07/11 18:53:29 markus Exp $ */ | 1 | /* $OpenBSD: kex.h,v 1.107 2019/01/23 00:30:41 djm Exp $ */ |
2 | 2 | ||
3 | /* | 3 | /* |
4 | * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. | 4 | * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. |
@@ -27,6 +27,7 @@ | |||
27 | #define KEX_H | 27 | #define KEX_H |
28 | 28 | ||
29 | #include "mac.h" | 29 | #include "mac.h" |
30 | #include "crypto_api.h" | ||
30 | 31 | ||
31 | #ifdef WITH_LEAKMALLOC | 32 | #ifdef WITH_LEAKMALLOC |
32 | #include "leakmalloc.h" | 33 | #include "leakmalloc.h" |
@@ -62,6 +63,7 @@ | |||
62 | #define KEX_ECDH_SHA2_NISTP521 "ecdh-sha2-nistp521" | 63 | #define KEX_ECDH_SHA2_NISTP521 "ecdh-sha2-nistp521" |
63 | #define KEX_CURVE25519_SHA256 "curve25519-sha256" | 64 | #define KEX_CURVE25519_SHA256 "curve25519-sha256" |
64 | #define KEX_CURVE25519_SHA256_OLD "curve25519-sha256@libssh.org" | 65 | #define KEX_CURVE25519_SHA256_OLD "curve25519-sha256@libssh.org" |
66 | #define KEX_SNTRUP4591761X25519_SHA512 "sntrup4591761x25519-sha512@tinyssh.org" | ||
65 | 67 | ||
66 | #define COMP_NONE 0 | 68 | #define COMP_NONE 0 |
67 | /* pre-auth compression (COMP_ZLIB) is only supported in the client */ | 69 | /* pre-auth compression (COMP_ZLIB) is only supported in the client */ |
@@ -100,10 +102,12 @@ enum kex_exchange { | |||
100 | KEX_DH_GEX_SHA256, | 102 | KEX_DH_GEX_SHA256, |
101 | KEX_ECDH_SHA2, | 103 | KEX_ECDH_SHA2, |
102 | KEX_C25519_SHA256, | 104 | KEX_C25519_SHA256, |
105 | KEX_KEM_SNTRUP4591761X25519_SHA512, | ||
103 | KEX_MAX | 106 | KEX_MAX |
104 | }; | 107 | }; |
105 | 108 | ||
106 | #define KEX_INIT_SENT 0x0001 | 109 | #define KEX_INIT_SENT 0x0001 |
110 | #define KEX_INITIAL 0x0002 | ||
107 | 111 | ||
108 | struct sshenc { | 112 | struct sshenc { |
109 | char *name; | 113 | char *name; |
@@ -144,27 +148,29 @@ struct kex { | |||
144 | int ext_info_c; | 148 | int ext_info_c; |
145 | struct sshbuf *my; | 149 | struct sshbuf *my; |
146 | struct sshbuf *peer; | 150 | struct sshbuf *peer; |
151 | struct sshbuf *client_version; | ||
152 | struct sshbuf *server_version; | ||
147 | sig_atomic_t done; | 153 | sig_atomic_t done; |
148 | u_int flags; | 154 | u_int flags; |
149 | int hash_alg; | 155 | int hash_alg; |
150 | int ec_nid; | 156 | int ec_nid; |
151 | char *client_version_string; | ||
152 | char *server_version_string; | ||
153 | char *failed_choice; | 157 | char *failed_choice; |
154 | int (*verify_host_key)(struct sshkey *, struct ssh *); | 158 | int (*verify_host_key)(struct sshkey *, struct ssh *); |
155 | struct sshkey *(*load_host_public_key)(int, int, struct ssh *); | 159 | struct sshkey *(*load_host_public_key)(int, int, struct ssh *); |
156 | struct sshkey *(*load_host_private_key)(int, int, struct ssh *); | 160 | struct sshkey *(*load_host_private_key)(int, int, struct ssh *); |
157 | int (*host_key_index)(struct sshkey *, int, struct ssh *); | 161 | int (*host_key_index)(struct sshkey *, int, struct ssh *); |
158 | int (*sign)(struct sshkey *, struct sshkey *, u_char **, size_t *, | 162 | int (*sign)(struct ssh *, struct sshkey *, struct sshkey *, |
159 | const u_char *, size_t, const char *, u_int); | 163 | u_char **, size_t *, const u_char *, size_t, const char *); |
160 | int (*kex[KEX_MAX])(struct ssh *); | 164 | int (*kex[KEX_MAX])(struct ssh *); |
161 | /* kex specific state */ | 165 | /* kex specific state */ |
162 | DH *dh; /* DH */ | 166 | DH *dh; /* DH */ |
163 | u_int min, max, nbits; /* GEX */ | 167 | u_int min, max, nbits; /* GEX */ |
164 | EC_KEY *ec_client_key; /* ECDH */ | 168 | EC_KEY *ec_client_key; /* ECDH */ |
165 | const EC_GROUP *ec_group; /* ECDH */ | 169 | const EC_GROUP *ec_group; /* ECDH */ |
166 | u_char c25519_client_key[CURVE25519_SIZE]; /* 25519 */ | 170 | u_char c25519_client_key[CURVE25519_SIZE]; /* 25519 + KEM */ |
167 | u_char c25519_client_pubkey[CURVE25519_SIZE]; /* 25519 */ | 171 | u_char c25519_client_pubkey[CURVE25519_SIZE]; /* 25519 */ |
172 | u_char sntrup4591761_client_key[crypto_kem_sntrup4591761_SECRETKEYBYTES]; /* KEM */ | ||
173 | struct sshbuf *client_pub; | ||
168 | }; | 174 | }; |
169 | 175 | ||
170 | int kex_names_valid(const char *); | 176 | int kex_names_valid(const char *); |
@@ -172,7 +178,10 @@ char *kex_alg_list(char); | |||
172 | char *kex_names_cat(const char *, const char *); | 178 | char *kex_names_cat(const char *, const char *); |
173 | int kex_assemble_names(char **, const char *, const char *); | 179 | int kex_assemble_names(char **, const char *, const char *); |
174 | 180 | ||
175 | int kex_new(struct ssh *, char *[PROPOSAL_MAX], struct kex **); | 181 | int kex_exchange_identification(struct ssh *, int, const char *); |
182 | |||
183 | struct kex *kex_new(void); | ||
184 | int kex_ready(struct ssh *, char *[PROPOSAL_MAX]); | ||
176 | int kex_setup(struct ssh *, char *[PROPOSAL_MAX]); | 185 | int kex_setup(struct ssh *, char *[PROPOSAL_MAX]); |
177 | void kex_free_newkeys(struct newkeys *); | 186 | void kex_free_newkeys(struct newkeys *); |
178 | void kex_free(struct kex *); | 187 | void kex_free(struct kex *); |
@@ -180,44 +189,52 @@ void kex_free(struct kex *); | |||
180 | int kex_buf2prop(struct sshbuf *, int *, char ***); | 189 | int kex_buf2prop(struct sshbuf *, int *, char ***); |
181 | int kex_prop2buf(struct sshbuf *, char *proposal[PROPOSAL_MAX]); | 190 | int kex_prop2buf(struct sshbuf *, char *proposal[PROPOSAL_MAX]); |
182 | void kex_prop_free(char **); | 191 | void kex_prop_free(char **); |
192 | int kex_load_hostkey(struct ssh *, struct sshkey **, struct sshkey **); | ||
193 | int kex_verify_host_key(struct ssh *, struct sshkey *); | ||
183 | 194 | ||
184 | int kex_send_kexinit(struct ssh *); | 195 | int kex_send_kexinit(struct ssh *); |
185 | int kex_input_kexinit(int, u_int32_t, struct ssh *); | 196 | int kex_input_kexinit(int, u_int32_t, struct ssh *); |
186 | int kex_input_ext_info(int, u_int32_t, struct ssh *); | 197 | int kex_input_ext_info(int, u_int32_t, struct ssh *); |
187 | int kex_derive_keys(struct ssh *, u_char *, u_int, const struct sshbuf *); | 198 | int kex_derive_keys(struct ssh *, u_char *, u_int, const struct sshbuf *); |
188 | int kex_derive_keys_bn(struct ssh *, u_char *, u_int, const BIGNUM *); | ||
189 | int kex_send_newkeys(struct ssh *); | 199 | int kex_send_newkeys(struct ssh *); |
190 | int kex_start_rekex(struct ssh *); | 200 | int kex_start_rekex(struct ssh *); |
191 | 201 | ||
192 | int kexdh_client(struct ssh *); | ||
193 | int kexdh_server(struct ssh *); | ||
194 | int kexgex_client(struct ssh *); | 202 | int kexgex_client(struct ssh *); |
195 | int kexgex_server(struct ssh *); | 203 | int kexgex_server(struct ssh *); |
196 | int kexecdh_client(struct ssh *); | 204 | int kex_gen_client(struct ssh *); |
197 | int kexecdh_server(struct ssh *); | 205 | int kex_gen_server(struct ssh *); |
198 | int kexc25519_client(struct ssh *); | 206 | |
199 | int kexc25519_server(struct ssh *); | 207 | int kex_dh_keypair(struct kex *); |
208 | int kex_dh_enc(struct kex *, const struct sshbuf *, struct sshbuf **, | ||
209 | struct sshbuf **); | ||
210 | int kex_dh_dec(struct kex *, const struct sshbuf *, struct sshbuf **); | ||
211 | |||
212 | int kex_ecdh_keypair(struct kex *); | ||
213 | int kex_ecdh_enc(struct kex *, const struct sshbuf *, struct sshbuf **, | ||
214 | struct sshbuf **); | ||
215 | int kex_ecdh_dec(struct kex *, const struct sshbuf *, struct sshbuf **); | ||
216 | |||
217 | int kex_c25519_keypair(struct kex *); | ||
218 | int kex_c25519_enc(struct kex *, const struct sshbuf *, struct sshbuf **, | ||
219 | struct sshbuf **); | ||
220 | int kex_c25519_dec(struct kex *, const struct sshbuf *, struct sshbuf **); | ||
221 | |||
222 | int kex_kem_sntrup4591761x25519_keypair(struct kex *); | ||
223 | int kex_kem_sntrup4591761x25519_enc(struct kex *, const struct sshbuf *, | ||
224 | struct sshbuf **, struct sshbuf **); | ||
225 | int kex_kem_sntrup4591761x25519_dec(struct kex *, const struct sshbuf *, | ||
226 | struct sshbuf **); | ||
200 | 227 | ||
201 | int kex_dh_hash(int, const char *, const char *, | 228 | int kex_dh_keygen(struct kex *); |
202 | const u_char *, size_t, const u_char *, size_t, const u_char *, size_t, | 229 | int kex_dh_compute_key(struct kex *, BIGNUM *, struct sshbuf *); |
203 | const BIGNUM *, const BIGNUM *, const BIGNUM *, u_char *, size_t *); | ||
204 | 230 | ||
205 | int kexgex_hash(int, const char *, const char *, | 231 | int kexgex_hash(int, const struct sshbuf *, const struct sshbuf *, |
206 | const u_char *, size_t, const u_char *, size_t, const u_char *, size_t, | 232 | const struct sshbuf *, const struct sshbuf *, const struct sshbuf *, |
207 | int, int, int, | 233 | int, int, int, |
208 | const BIGNUM *, const BIGNUM *, const BIGNUM *, | 234 | const BIGNUM *, const BIGNUM *, const BIGNUM *, |
209 | const BIGNUM *, const BIGNUM *, | 235 | const BIGNUM *, const u_char *, size_t, |
210 | u_char *, size_t *); | 236 | u_char *, size_t *); |
211 | 237 | ||
212 | int kex_ecdh_hash(int, const EC_GROUP *, const char *, const char *, | ||
213 | const u_char *, size_t, const u_char *, size_t, const u_char *, size_t, | ||
214 | const EC_POINT *, const EC_POINT *, const BIGNUM *, u_char *, size_t *); | ||
215 | |||
216 | int kex_c25519_hash(int, const char *, const char *, | ||
217 | const u_char *, size_t, const u_char *, size_t, | ||
218 | const u_char *, size_t, const u_char *, const u_char *, | ||
219 | const u_char *, size_t, u_char *, size_t *); | ||
220 | |||
221 | void kexc25519_keygen(u_char key[CURVE25519_SIZE], u_char pub[CURVE25519_SIZE]) | 238 | void kexc25519_keygen(u_char key[CURVE25519_SIZE], u_char pub[CURVE25519_SIZE]) |
222 | __attribute__((__bounded__(__minbytes__, 1, CURVE25519_SIZE))) | 239 | __attribute__((__bounded__(__minbytes__, 1, CURVE25519_SIZE))) |
223 | __attribute__((__bounded__(__minbytes__, 2, CURVE25519_SIZE))); | 240 | __attribute__((__bounded__(__minbytes__, 2, CURVE25519_SIZE))); |
@@ -225,9 +242,13 @@ int kexc25519_shared_key(const u_char key[CURVE25519_SIZE], | |||
225 | const u_char pub[CURVE25519_SIZE], struct sshbuf *out) | 242 | const u_char pub[CURVE25519_SIZE], struct sshbuf *out) |
226 | __attribute__((__bounded__(__minbytes__, 1, CURVE25519_SIZE))) | 243 | __attribute__((__bounded__(__minbytes__, 1, CURVE25519_SIZE))) |
227 | __attribute__((__bounded__(__minbytes__, 2, CURVE25519_SIZE))); | 244 | __attribute__((__bounded__(__minbytes__, 2, CURVE25519_SIZE))); |
245 | int kexc25519_shared_key_ext(const u_char key[CURVE25519_SIZE], | ||
246 | const u_char pub[CURVE25519_SIZE], struct sshbuf *out, int) | ||
247 | __attribute__((__bounded__(__minbytes__, 1, CURVE25519_SIZE))) | ||
248 | __attribute__((__bounded__(__minbytes__, 2, CURVE25519_SIZE))); | ||
228 | 249 | ||
229 | #if defined(DEBUG_KEX) || defined(DEBUG_KEXDH) || defined(DEBUG_KEXECDH) | 250 | #if defined(DEBUG_KEX) || defined(DEBUG_KEXDH) || defined(DEBUG_KEXECDH) |
230 | void dump_digest(char *, u_char *, int); | 251 | void dump_digest(const char *, const u_char *, int); |
231 | #endif | 252 | #endif |
232 | 253 | ||
233 | #if !defined(WITH_OPENSSL) || !defined(OPENSSL_HAS_ECC) | 254 | #if !defined(WITH_OPENSSL) || !defined(OPENSSL_HAS_ECC) |