1 files changed, 109 insertions, 86 deletions
diff --git a/kex.h b/kex.h
index 4c40ec851..f70b81fc1 100644
--- a/kex.h
+++ b/kex.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: kex.h,v 1.64 2014/05/02 03:27:54 djm Exp $ */
+/* $OpenBSD: kex.h,v 1.71 2015/02/16 22:13:32 djm Exp $ */
 /*
 * Copyright (c) 2000, 2001 Markus Friedl.  All rights reserved.
@@ -26,13 +26,28 @@
 #ifndef KEX_H
 #define KEX_H
-#include <signal.h>
+#include "mac.h"
-#include <openssl/evp.h>
+#include "buffer.h" /* XXX for typedef */
-#include <openssl/hmac.h>
+#include "key.h" /* XXX for typedef */
-#ifdef OPENSSL_HAS_ECC
-#include <openssl/ec.h>
+#ifdef WITH_LEAKMALLOC
+#include "leakmalloc.h"
 #endif
+#ifdef WITH_OPENSSL
+# ifdef OPENSSL_HAS_ECC
+#  include <openssl/ec.h>
+# else /* OPENSSL_HAS_ECC */
+#  define EC_KEY        void
+#  define EC_GROUP      void
+#  define EC_POINT      void
+# endif /* OPENSSL_HAS_ECC */
+#else /* WITH_OPENSSL */
+# define EC_KEY         void
+# define EC_GROUP       void
+# define EC_POINT       void
+#endif /* WITH_OPENSSL */
 #define KEX_COOKIE_LEN  16
 #define KEX_DH1                 "diffie-hellman-group1-sha1"
@@ -49,6 +64,8 @@
 #define COMP_ZLIB       1
 #define COMP_DELAYED    2
+#define CURVE25519_SIZE 32
 enum kex_init_proposals {
        PROPOSAL_KEX_ALGS,
        PROPOSAL_SERVER_HOST_KEY_ALGS,
@@ -81,15 +98,9 @@ enum kex_exchange {
 #define KEX_INIT_SENT   0x0001
-typedef struct Kex Kex;
+struct sshenc {
-typedef struct Mac Mac;
-typedef struct Comp Comp;
-typedef struct Enc Enc;
-typedef struct Newkeys Newkeys;
-struct Enc {
        char    *name;
-        const Cipher *cipher;
+        const struct sshcipher *cipher;
        int     enabled;
        u_int   key_len;
        u_int   iv_len;
@@ -97,108 +108,120 @@ struct Enc {
        u_char  *key;
        u_char  *iv;
 };
-struct Mac {
+struct sshcomp {
-        char    *name;
+        u_int   type;
-        int     enabled;
-        u_int   mac_len;
-        u_char  *key;
-        u_int   key_len;
-        int     type;
-        int     etm;            /* Encrypt-then-MAC */
-        struct ssh_hmac_ctx     *hmac_ctx;
-        struct umac_ctx         *umac_ctx;
-};
-struct Comp {
-        int     type;
        int     enabled;
        char    *name;
 };
-struct Newkeys {
+struct newkeys {
-        Enc     enc;
+        struct sshenc   enc;
-        Mac     mac;
+        struct sshmac   mac;
-        Comp    comp;
+        struct sshcomp  comp;
 };
-struct Kex {
+struct ssh;
+struct kex {
        u_char  *session_id;
-        u_int   session_id_len;
+        size_t  session_id_len;
-        Newkeys *newkeys[MODE_MAX];
+        struct newkeys  *newkeys[MODE_MAX];
        u_int   we_need;
        u_int   dh_need;
        int     server;
        char    *name;
        int     hostkey_type;
-        int     kex_type;
+        int     hostkey_nid;
+        u_int   kex_type;
        int     roaming;
-        Buffer  my;
+        struct sshbuf *my;
-        Buffer  peer;
+        struct sshbuf *peer;
        sig_atomic_t done;
-        int     flags;
+        u_int   flags;
        int     hash_alg;
        int     ec_nid;
        char    *client_version_string;
        char    *server_version_string;
-        int     (*verify_host_key)(Key *);
+        int     (*verify_host_key)(struct sshkey *, struct ssh *);
-        Key     *(*load_host_public_key)(int);
+        struct sshkey *(*load_host_public_key)(int, int, struct ssh *);
-        Key     *(*load_host_private_key)(int);
+        struct sshkey *(*load_host_private_key)(int, int, struct ssh *);
-        int     (*host_key_index)(Key *);
+        int     (*host_key_index)(struct sshkey *, int, struct ssh *);
-        void    (*sign)(Key *, Key *, u_char **, u_int *, u_char *, u_int);
+        int     (*sign)(struct sshkey *, struct sshkey *,
-        void    (*kex[KEX_MAX])(Kex *);
+            u_char **, size_t *, const u_char *, size_t, u_int);
+        int     (*kex[KEX_MAX])(struct ssh *);
+        /* kex specific state */
+        DH      *dh;                    /* DH */
+        u_int   min, max, nbits;        /* GEX */
+        EC_KEY  *ec_client_key;         /* ECDH */
+        const EC_GROUP *ec_group;       /* ECDH */
+        u_char c25519_client_key[CURVE25519_SIZE]; /* 25519 */
+        u_char c25519_client_pubkey[CURVE25519_SIZE]; /* 25519 */
 };
 int      kex_names_valid(const char *);
 char    *kex_alg_list(char);
-Kex     *kex_setup(char *[PROPOSAL_MAX]);
+int      kex_new(struct ssh *, char *[PROPOSAL_MAX], struct kex **);
-void     kex_finish(Kex *);
+int      kex_setup(struct ssh *, char *[PROPOSAL_MAX]);
+void     kex_free_newkeys(struct newkeys *);
-void     kex_send_kexinit(Kex *);
+void     kex_free(struct kex *);
-void     kex_input_kexinit(int, u_int32_t, void *);
-void     kex_derive_keys(Kex *, u_char *, u_int, const u_char *, u_int);
+int      kex_buf2prop(struct sshbuf *, int *, char ***);
-void     kex_derive_keys_bn(Kex *, u_char *, u_int, const BIGNUM *);
+int      kex_prop2buf(struct sshbuf *, char *proposal[PROPOSAL_MAX]);
+void     kex_prop_free(char **);
-Newkeys *kex_get_newkeys(int);
+int      kex_send_kexinit(struct ssh *);
-void     kexdh_client(Kex *);
+int      kex_input_kexinit(int, u_int32_t, void *);
-void     kexdh_server(Kex *);
+int      kex_derive_keys(struct ssh *, u_char *, u_int, const struct sshbuf *);
-void     kexgex_client(Kex *);
+int      kex_derive_keys_bn(struct ssh *, u_char *, u_int, const BIGNUM *);
-void     kexgex_server(Kex *);
+int      kex_send_newkeys(struct ssh *);
-void     kexecdh_client(Kex *);
-void     kexecdh_server(Kex *);
+int      kexdh_client(struct ssh *);
-void     kexc25519_client(Kex *);
+int      kexdh_server(struct ssh *);
-void     kexc25519_server(Kex *);
+int      kexgex_client(struct ssh *);
+int      kexgex_server(struct ssh *);
-void
+int      kexecdh_client(struct ssh *);
-kex_dh_hash(char *, char *, char *, int, char *, int, u_char *, int,
+int      kexecdh_server(struct ssh *);
-    BIGNUM *, BIGNUM *, BIGNUM *, u_char **, u_int *);
+int      kexc25519_client(struct ssh *);
-void
+int      kexc25519_server(struct ssh *);
-kexgex_hash(int, char *, char *, char *, int, char *,
-    int, u_char *, int, int, int, int, BIGNUM *, BIGNUM *, BIGNUM *,
+int      kex_dh_hash(const char *, const char *,
-    BIGNUM *, BIGNUM *, u_char **, u_int *);
+    const u_char *, size_t, const u_char *, size_t, const u_char *, size_t,
-#ifdef OPENSSL_HAS_ECC
+    const BIGNUM *, const BIGNUM *, const BIGNUM *, u_char *, size_t *);
-void
-kex_ecdh_hash(int, const EC_GROUP *, char *, char *, char *, int,
+int      kexgex_hash(int, const char *, const char *,
-    char *, int, u_char *, int, const EC_POINT *, const EC_POINT *,
+    const u_char *, size_t, const u_char *, size_t, const u_char *, size_t,
-    const BIGNUM *, u_char **, u_int *);
+    int, int, int,
-#endif
+    const BIGNUM *, const BIGNUM *, const BIGNUM *,
-void
+    const BIGNUM *, const BIGNUM *,
-kex_c25519_hash(int, char *, char *, char *, int,
+    u_char *, size_t *);
-    char *, int, u_char *, int, const u_char *, const u_char *,
-    const u_char *, u_int, u_char **, u_int *);
+int kex_ecdh_hash(int, const EC_GROUP *, const char *, const char *,
+    const u_char *, size_t, const u_char *, size_t, const u_char *, size_t,
-#define CURVE25519_SIZE 32
+    const EC_POINT *, const EC_POINT *, const BIGNUM *, u_char *, size_t *);
-void    kexc25519_keygen(u_char[CURVE25519_SIZE], u_char[CURVE25519_SIZE])
+int      kex_c25519_hash(int, const char *, const char *, const char *, size_t,
+    const char *, size_t, const u_char *, size_t, const u_char *, const u_char *,
+    const u_char *, size_t, u_char *, size_t *);
+void    kexc25519_keygen(u_char key[CURVE25519_SIZE], u_char pub[CURVE25519_SIZE])
        __attribute__((__bounded__(__minbytes__, 1, CURVE25519_SIZE)))
        __attribute__((__bounded__(__minbytes__, 2, CURVE25519_SIZE)));
-void kexc25519_shared_key(const u_char key[CURVE25519_SIZE],
+int     kexc25519_shared_key(const u_char key[CURVE25519_SIZE],
-    const u_char pub[CURVE25519_SIZE], Buffer *out)
+    const u_char pub[CURVE25519_SIZE], struct sshbuf *out)
        __attribute__((__bounded__(__minbytes__, 1, CURVE25519_SIZE)))
        __attribute__((__bounded__(__minbytes__, 2, CURVE25519_SIZE)));
-void
+int
 derive_ssh1_session_id(BIGNUM *, BIGNUM *, u_int8_t[8], u_int8_t[16]);
 #if defined(DEBUG_KEX) || defined(DEBUG_KEXDH) || defined(DEBUG_KEXECDH)
 void    dump_digest(char *, u_char *, int);
 #endif
+#if !defined(WITH_OPENSSL) || !defined(OPENSSL_HAS_ECC)
+# undef EC_KEY
+# undef EC_GROUP
+# undef EC_POINT
+#endif
 #endif

diff --git a/kex.h b/kex.h index 4c40ec851..f70b81fc1 100644 --- a/kex.h +++ b/kex.h
@@ -1,4 +1,4 @@
1	/* $OpenBSD: kex.h,v 1.64 2014/05/02 03:27:54 djm Exp $ */	1	/* $OpenBSD: kex.h,v 1.71 2015/02/16 22:13:32 djm Exp $ */
2		2
3	/*	3	/*
4	* Copyright (c) 2000, 2001 Markus Friedl. All rights reserved.	4	* Copyright (c) 2000, 2001 Markus Friedl. All rights reserved.
@@ -26,13 +26,28 @@
26	#ifndef KEX_H	26	#ifndef KEX_H
27	#define KEX_H	27	#define KEX_H
28		28
29	#include <signal.h>	29	#include "mac.h"
30	#include <openssl/evp.h>	30	#include "buffer.h" /* XXX for typedef */
31	#include <openssl/hmac.h>	31	#include "key.h" /* XXX for typedef */
32	#ifdef OPENSSL_HAS_ECC	32
33	#include <openssl/ec.h>	33	#ifdef WITH_LEAKMALLOC
		34	#include "leakmalloc.h"
34	#endif	35	#endif
35		36
		37	#ifdef WITH_OPENSSL
		38	# ifdef OPENSSL_HAS_ECC
		39	# include <openssl/ec.h>
		40	# else /* OPENSSL_HAS_ECC */
		41	# define EC_KEY void
		42	# define EC_GROUP void
		43	# define EC_POINT void
		44	# endif /* OPENSSL_HAS_ECC */
		45	#else /* WITH_OPENSSL */
		46	# define EC_KEY void
		47	# define EC_GROUP void
		48	# define EC_POINT void
		49	#endif /* WITH_OPENSSL */
		50
36	#define KEX_COOKIE_LEN 16	51	#define KEX_COOKIE_LEN 16
37		52
38	#define KEX_DH1 "diffie-hellman-group1-sha1"	53	#define KEX_DH1 "diffie-hellman-group1-sha1"
@@ -49,6 +64,8 @@
49	#define COMP_ZLIB 1	64	#define COMP_ZLIB 1
50	#define COMP_DELAYED 2	65	#define COMP_DELAYED 2
51		66
		67	#define CURVE25519_SIZE 32
		68
52	enum kex_init_proposals {	69	enum kex_init_proposals {
53	PROPOSAL_KEX_ALGS,	70	PROPOSAL_KEX_ALGS,
54	PROPOSAL_SERVER_HOST_KEY_ALGS,	71	PROPOSAL_SERVER_HOST_KEY_ALGS,
@@ -81,15 +98,9 @@ enum kex_exchange {
81		98
82	#define KEX_INIT_SENT 0x0001	99	#define KEX_INIT_SENT 0x0001
83		100
84	typedef struct Kex Kex;	101	struct sshenc {
85	typedef struct Mac Mac;
86	typedef struct Comp Comp;
87	typedef struct Enc Enc;
88	typedef struct Newkeys Newkeys;
89
90	struct Enc {
91	char *name;	102	char *name;
92	const Cipher *cipher;	103	const struct sshcipher *cipher;
93	int enabled;	104	int enabled;
94	u_int key_len;	105	u_int key_len;
95	u_int iv_len;	106	u_int iv_len;
@@ -97,108 +108,120 @@ struct Enc {
97	u_char *key;	108	u_char *key;
98	u_char *iv;	109	u_char *iv;
99	};	110	};
100	struct Mac {	111	struct sshcomp {
101	char *name;	112	u_int type;
102	int enabled;
103	u_int mac_len;
104	u_char *key;
105	u_int key_len;
106	int type;
107	int etm; /* Encrypt-then-MAC */
108	struct ssh_hmac_ctx *hmac_ctx;
109	struct umac_ctx *umac_ctx;
110	};
111	struct Comp {
112	int type;
113	int enabled;	113	int enabled;
114	char *name;	114	char *name;
115	};	115	};
116	struct Newkeys {	116	struct newkeys {
117	Enc enc;	117	struct sshenc enc;
118	Mac mac;	118	struct sshmac mac;
119	Comp comp;	119	struct sshcomp comp;
120	};	120	};
121	struct Kex {	121
		122	struct ssh;
		123
		124	struct kex {
122	u_char *session_id;	125	u_char *session_id;
123	u_int session_id_len;	126	size_t session_id_len;
124	Newkeys *newkeys[MODE_MAX];	127	struct newkeys *newkeys[MODE_MAX];
125	u_int we_need;	128	u_int we_need;
126	u_int dh_need;	129	u_int dh_need;
127	int server;	130	int server;
128	char *name;	131	char *name;
129	int hostkey_type;	132	int hostkey_type;
130	int kex_type;	133	int hostkey_nid;
		134	u_int kex_type;
131	int roaming;	135	int roaming;
132	Buffer my;	136	struct sshbuf *my;
133	Buffer peer;	137	struct sshbuf *peer;
134	sig_atomic_t done;	138	sig_atomic_t done;
135	int flags;	139	u_int flags;
136	int hash_alg;	140	int hash_alg;
137	int ec_nid;	141	int ec_nid;
138	char *client_version_string;	142	char *client_version_string;
139	char *server_version_string;	143	char *server_version_string;
140	int (verify_host_key)(Key );	144	int (verify_host_key)(struct sshkey , struct ssh *);
141	Key (load_host_public_key)(int);	145	struct sshkey (load_host_public_key)(int, int, struct ssh *);
142	Key (load_host_private_key)(int);	146	struct sshkey (load_host_private_key)(int, int, struct ssh *);
143	int (host_key_index)(Key );	147	int (host_key_index)(struct sshkey , int, struct ssh *);
144	void (sign)(Key , Key , u_char , u_int , u_char *, u_int);	148	int (sign)(struct sshkey , struct sshkey *,
145	void (kex[KEX_MAX])(Kex );	149	u_char *, size_t , const u_char *, size_t, u_int);
		150	int (kex[KEX_MAX])(struct ssh );
		151	/* kex specific state */
		152	DH dh; / DH */
		153	u_int min, max, nbits; /* GEX */
		154	EC_KEY ec_client_key; / ECDH */
		155	const EC_GROUP ec_group; / ECDH */
		156	u_char c25519_client_key[CURVE25519_SIZE]; /* 25519 */
		157	u_char c25519_client_pubkey[CURVE25519_SIZE]; /* 25519 */
146	};	158	};
147		159
148	int kex_names_valid(const char *);	160	int kex_names_valid(const char *);
149	char *kex_alg_list(char);	161	char *kex_alg_list(char);
150		162
151	Kex kex_setup(char [PROPOSAL_MAX]);	163	int kex_new(struct ssh , char [PROPOSAL_MAX], struct kex **);
152	void kex_finish(Kex *);	164	int kex_setup(struct ssh , char [PROPOSAL_MAX]);
153		165	void kex_free_newkeys(struct newkeys *);
154	void kex_send_kexinit(Kex *);	166	void kex_free(struct kex *);
155	void kex_input_kexinit(int, u_int32_t, void *);	167
156	void kex_derive_keys(Kex , u_char , u_int, const u_char *, u_int);	168	int kex_buf2prop(struct sshbuf , int , char ***);
157	void kex_derive_keys_bn(Kex , u_char , u_int, const BIGNUM *);	169	int kex_prop2buf(struct sshbuf , char proposal[PROPOSAL_MAX]);
158		170	void kex_prop_free(char **);
159	Newkeys *kex_get_newkeys(int);	171
160		172	int kex_send_kexinit(struct ssh *);
161	void kexdh_client(Kex *);	173	int kex_input_kexinit(int, u_int32_t, void *);
162	void kexdh_server(Kex *);	174	int kex_derive_keys(struct ssh , u_char , u_int, const struct sshbuf *);
163	void kexgex_client(Kex *);	175	int kex_derive_keys_bn(struct ssh , u_char , u_int, const BIGNUM *);
164	void kexgex_server(Kex *);	176	int kex_send_newkeys(struct ssh *);
165	void kexecdh_client(Kex *);	177
166	void kexecdh_server(Kex *);	178	int kexdh_client(struct ssh *);
167	void kexc25519_client(Kex *);	179	int kexdh_server(struct ssh *);
168	void kexc25519_server(Kex *);	180	int kexgex_client(struct ssh *);
169		181	int kexgex_server(struct ssh *);
170	void	182	int kexecdh_client(struct ssh *);
171	kex_dh_hash(char , char , char , int, char , int, u_char *, int,	183	int kexecdh_server(struct ssh *);
172	BIGNUM , BIGNUM , BIGNUM , u_char , u_int );	184	int kexc25519_client(struct ssh *);
173	void	185	int kexc25519_server(struct ssh *);
174	kexgex_hash(int, char , char , char , int, char ,	186
175	int, u_char , int, int, int, int, BIGNUM , BIGNUM , BIGNUM ,	187	int kex_dh_hash(const char , const char ,
176	BIGNUM , BIGNUM , u_char *, u_int );	188	const u_char , size_t, const u_char , size_t, const u_char *, size_t,
177	#ifdef OPENSSL_HAS_ECC	189	const BIGNUM , const BIGNUM , const BIGNUM , u_char , size_t *);
178	void	190
179	kex_ecdh_hash(int, const EC_GROUP , char , char , char , int,	191	int kexgex_hash(int, const char , const char ,
180	char , int, u_char , int, const EC_POINT , const EC_POINT ,	192	const u_char , size_t, const u_char , size_t, const u_char *, size_t,
181	const BIGNUM , u_char , u_int );	193	int, int, int,
182	#endif	194	const BIGNUM , const BIGNUM , const BIGNUM *,
183	void	195	const BIGNUM , const BIGNUM ,
184	kex_c25519_hash(int, char , char , char *, int,	196	u_char , size_t );
185	char , int, u_char , int, const u_char , const u_char ,	197
186	const u_char , u_int, u_char , u_int );	198	int kex_ecdh_hash(int, const EC_GROUP , const char , const char *,
187		199	const u_char , size_t, const u_char , size_t, const u_char *, size_t,
188	#define CURVE25519_SIZE 32	200	const EC_POINT , const EC_POINT , const BIGNUM , u_char , size_t *);
189	void kexc25519_keygen(u_char[CURVE25519_SIZE], u_char[CURVE25519_SIZE])	201
		202	int kex_c25519_hash(int, const char , const char , const char *, size_t,
		203	const char , size_t, const u_char , size_t, const u_char , const u_char ,
		204	const u_char , size_t, u_char , size_t *);
		205
		206	void kexc25519_keygen(u_char key[CURVE25519_SIZE], u_char pub[CURVE25519_SIZE])
190	__attribute__((__bounded__(__minbytes__, 1, CURVE25519_SIZE)))	207	__attribute__((__bounded__(__minbytes__, 1, CURVE25519_SIZE)))
191	__attribute__((__bounded__(__minbytes__, 2, CURVE25519_SIZE)));	208	__attribute__((__bounded__(__minbytes__, 2, CURVE25519_SIZE)));
192	void kexc25519_shared_key(const u_char key[CURVE25519_SIZE],	209	int kexc25519_shared_key(const u_char key[CURVE25519_SIZE],
193	const u_char pub[CURVE25519_SIZE], Buffer *out)	210	const u_char pub[CURVE25519_SIZE], struct sshbuf *out)
194	__attribute__((__bounded__(__minbytes__, 1, CURVE25519_SIZE)))	211	__attribute__((__bounded__(__minbytes__, 1, CURVE25519_SIZE)))
195	__attribute__((__bounded__(__minbytes__, 2, CURVE25519_SIZE)));	212	__attribute__((__bounded__(__minbytes__, 2, CURVE25519_SIZE)));
196		213
197	void	214	int
198	derive_ssh1_session_id(BIGNUM , BIGNUM , u_int8_t[8], u_int8_t[16]);	215	derive_ssh1_session_id(BIGNUM , BIGNUM , u_int8_t[8], u_int8_t[16]);
199		216
200	#if defined(DEBUG_KEX) \|\| defined(DEBUG_KEXDH) \|\| defined(DEBUG_KEXECDH)	217	#if defined(DEBUG_KEX) \|\| defined(DEBUG_KEXDH) \|\| defined(DEBUG_KEXECDH)
201	void dump_digest(char , u_char , int);	218	void dump_digest(char , u_char , int);
202	#endif	219	#endif
203		220
		221	#if !defined(WITH_OPENSSL) \|\| !defined(OPENSSL_HAS_ECC)
		222	# undef EC_KEY
		223	# undef EC_GROUP
		224	# undef EC_POINT
		225	#endif
		226
204	#endif	227	#endif