Diffstat (limited to 'kex.h')
-rw-r--r--kex.h81
1 files changed, 51 insertions, 30 deletions
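--- a/kex.h
+++ b/kex.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: kex.h,v 1.91 2018/07/11 18:53:29 markus Exp $ */
+/* $OpenBSD: kex.h,v 1.107 2019/01/23 00:30:41 djm Exp $ */
 
 /*
  * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved.
@@ -27,6 +27,7 @@
 #define KEX_H
 
 #include "mac.h"
+#include "crypto_api.h"
 
 #ifdef WITH_LEAKMALLOC
 #include "leakmalloc.h"
@@ -62,6 +63,7 @@
 #define KEX_ECDH_SHA2_NISTP521 "ecdh-sha2-nistp521"
 #define KEX_CURVE25519_SHA256 "curve25519-sha256"
 #define KEX_CURVE25519_SHA256_OLD "curve25519-sha256@libssh.org"
+#define KEX_SNTRUP4591761X25519_SHA512 "sntrup4591761x25519-sha512@tinyssh.org"
 
 #define COMP_NONE 0
 /* pre-auth compression (COMP_ZLIB) is only supported in the client */
@@ -100,10 +102,12 @@ enum kex_exchange {
  KEX_DH_GEX_SHA256,
  KEX_ECDH_SHA2,
  KEX_C25519_SHA256,
+ KEX_KEM_SNTRUP4591761X25519_SHA512,
  KEX_MAX
 };
 
 #define KEX_INIT_SENT 0x0001
+#define KEX_INITIAL 0x0002
 
 struct sshenc {
  char *name;
@@ -144,27 +148,29 @@ struct kex {
  int ext_info_c;
  struct sshbuf *my;
  struct sshbuf *peer;
+ struct sshbuf *client_version;
+ struct sshbuf *server_version;
  sig_atomic_t done;
  u_int flags;
  int hash_alg;
  int ec_nid;
- char *client_version_string;
- char *server_version_string;
  char *failed_choice;
  int (*verify_host_key)(struct sshkey *, struct ssh *);
  struct sshkey *(*load_host_public_key)(int, int, struct ssh *);
  struct sshkey *(*load_host_private_key)(int, int, struct ssh *);
  int (*host_key_index)(struct sshkey *, int, struct ssh *);
- int (*sign)(struct sshkey *, struct sshkey *, u_char **, size_t *,
- const u_char *, size_t, const char *, u_int);
+ int (*sign)(struct ssh *, struct sshkey *, struct sshkey *,
+ u_char **, size_t *, const u_char *, size_t, const char *);
  int (*kex[KEX_MAX])(struct ssh *);
  /* kex specific state */
  DH *dh; /* DH */
  u_int min, max, nbits; /* GEX */
  EC_KEY *ec_client_key; /* ECDH */
  const EC_GROUP *ec_group; /* ECDH */
- u_char c25519_client_key[CURVE25519_SIZE]; /* 25519 */
+ u_char c25519_client_key[CURVE25519_SIZE]; /* 25519 + KEM */
  u_char c25519_client_pubkey[CURVE25519_SIZE]; /* 25519 */
+ u_char sntrup4591761_client_key[crypto_kem_sntrup4591761_SECRETKEYBYTES]; /* KEM */
+ struct sshbuf *client_pub;
 };
 
 int kex_names_valid(const char *);
@@ -172,7 +178,10 @@ char *kex_alg_list(char);
 char *kex_names_cat(const char *, const char *);
 int kex_assemble_names(char **, const char *, const char *);
 
-int kex_new(struct ssh *, char *[PROPOSAL_MAX], struct kex **);
+int kex_exchange_identification(struct ssh *, int, const char *);
+
+struct kex *kex_new(void);
+int kex_ready(struct ssh *, char *[PROPOSAL_MAX]);
 int kex_setup(struct ssh *, char *[PROPOSAL_MAX]);
 void kex_free_newkeys(struct newkeys *);
 void kex_free(struct kex *);
@@ -180,44 +189,52 @@ void kex_free(struct kex *);
 int kex_buf2prop(struct sshbuf *, int *, char ***);
 int kex_prop2buf(struct sshbuf *, char *proposal[PROPOSAL_MAX]);
 void kex_prop_free(char **);
+int kex_load_hostkey(struct ssh *, struct sshkey **, struct sshkey **);
+int kex_verify_host_key(struct ssh *, struct sshkey *);
 
 int kex_send_kexinit(struct ssh *);
 int kex_input_kexinit(int, u_int32_t, struct ssh *);
 int kex_input_ext_info(int, u_int32_t, struct ssh *);
 int kex_derive_keys(struct ssh *, u_char *, u_int, const struct sshbuf *);
-int kex_derive_keys_bn(struct ssh *, u_char *, u_int, const BIGNUM *);
 int kex_send_newkeys(struct ssh *);
 int kex_start_rekex(struct ssh *);
 
-int kexdh_client(struct ssh *);
-int kexdh_server(struct ssh *);
 int kexgex_client(struct ssh *);
 int kexgex_server(struct ssh *);
-int kexecdh_client(struct ssh *);
-int kexecdh_server(struct ssh *);
-int kexc25519_client(struct ssh *);
-int kexc25519_server(struct ssh *);
+int kex_gen_client(struct ssh *);
+int kex_gen_server(struct ssh *);
+
+int kex_dh_keypair(struct kex *);
+int kex_dh_enc(struct kex *, const struct sshbuf *, struct sshbuf **,
+ struct sshbuf **);
+int kex_dh_dec(struct kex *, const struct sshbuf *, struct sshbuf **);
+
+int kex_ecdh_keypair(struct kex *);
+int kex_ecdh_enc(struct kex *, const struct sshbuf *, struct sshbuf **,
+ struct sshbuf **);
+int kex_ecdh_dec(struct kex *, const struct sshbuf *, struct sshbuf **);
+
+int kex_c25519_keypair(struct kex *);
+int kex_c25519_enc(struct kex *, const struct sshbuf *, struct sshbuf **,
+ struct sshbuf **);
+int kex_c25519_dec(struct kex *, const struct sshbuf *, struct sshbuf **);
+
+int kex_kem_sntrup4591761x25519_keypair(struct kex *);
+int kex_kem_sntrup4591761x25519_enc(struct kex *, const struct sshbuf *,
+ struct sshbuf **, struct sshbuf **);
+int kex_kem_sntrup4591761x25519_dec(struct kex *, const struct sshbuf *,
+ struct sshbuf **);
 
-int kex_dh_hash(int, const char *, const char *,
- const u_char *, size_t, const u_char *, size_t, const u_char *, size_t,
- const BIGNUM *, const BIGNUM *, const BIGNUM *, u_char *, size_t *);
+int kex_dh_keygen(struct kex *);
+int kex_dh_compute_key(struct kex *, BIGNUM *, struct sshbuf *);
 
-int kexgex_hash(int, const char *, const char *,
- const u_char *, size_t, const u_char *, size_t, const u_char *, size_t,
+int kexgex_hash(int, const struct sshbuf *, const struct sshbuf *,
+ const struct sshbuf *, const struct sshbuf *, const struct sshbuf *,
  int, int, int,
  const BIGNUM *, const BIGNUM *, const BIGNUM *,
- const BIGNUM *, const BIGNUM *,
+ const BIGNUM *, const u_char *, size_t,
  u_char *, size_t *);
 
-int kex_ecdh_hash(int, const EC_GROUP *, const char *, const char *,
- const u_char *, size_t, const u_char *, size_t, const u_char *, size_t,
- const EC_POINT *, const EC_POINT *, const BIGNUM *, u_char *, size_t *);
-
-int kex_c25519_hash(int, const char *, const char *,
- const u_char *, size_t, const u_char *, size_t,
- const u_char *, size_t, const u_char *, const u_char *,
- const u_char *, size_t, u_char *, size_t *);
-
 void kexc25519_keygen(u_char key[CURVE25519_SIZE], u_char pub[CURVE25519_SIZE])
  __attribute__((__bounded__(__minbytes__, 1, CURVE25519_SIZE)))
  __attribute__((__bounded__(__minbytes__, 2, CURVE25519_SIZE)));
@@ -225,9 +242,13 @@ int kexc25519_shared_key(const u_char key[CURVE25519_SIZE],
  const u_char pub[CURVE25519_SIZE], struct sshbuf *out)
  __attribute__((__bounded__(__minbytes__, 1, CURVE25519_SIZE)))
  __attribute__((__bounded__(__minbytes__, 2, CURVE25519_SIZE)));
+int kexc25519_shared_key_ext(const u_char key[CURVE25519_SIZE],
+ const u_char pub[CURVE25519_SIZE], struct sshbuf *out, int)
+ __attribute__((__bounded__(__minbytes__, 1, CURVE25519_SIZE)))
+ __attribute__((__bounded__(__minbytes__, 2, CURVE25519_SIZE)));
 
 #if defined(DEBUG_KEX) || defined(DEBUG_KEXDH) || defined(DEBUG_KEXECDH)
-void dump_digest(char *, u_char *, int);
+void dump_digest(const char *, const u_char *, int);
 #endif
 
 #if !defined(WITH_OPENSSL) || !defined(OPENSSL_HAS_ECC)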
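Review bot: The new `sntrup4591761_client_key` member in the `struct kex` hunk stores KEM secret-key bytes inline, beside `c25519_client_key`, and nothing in this header says who wipes them. `kex_free()` is only declared here, so its body should be checked to confirm it clears both arrays with `explicit_bzero` before releasing the struct, since the struct now holds more private key material than before. If it does, I would record that on the member, e.g. `/* KEM secret key; zeroed in kex_free() */`, and give the uncommented `client_pub` a comment naming the methods that use it and who frees it. The unnamed trailing `int` in the `kexc25519_shared_key_ext` prototype (last hunk) should also get a parameter name, because the header does not show what it selects. `struct kex` begins above this hunk, so members outside the visible lines were not reviewed.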