/*
 * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 *
 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 */
/*
 * Copyright 2008 Sun Microsystems, Inc. All rights reserved.
 * Use is subject to license terms.
 */

/* $OpenBSD: kex.h,v 1.32 2002/09/09 14:54:14 markus Exp $ */

/*
 * kex.h -- SSH2 key exchange (KEX) state, negotiated key material and the
 * entry points of the Diffie-Hellman (and, when built with GSSAPI, the
 * GSS-API) key exchange implementations.
 *
 * NOTE(review): the guard name _KEX_H (leading underscore + uppercase) is in
 * the namespace reserved for the implementation (CERT DCL37-C); kept as is
 * because other Solaris headers use the same convention.
 */
#ifndef _KEX_H
#define _KEX_H

#ifdef __cplusplus
extern "C" {
#endif

#include <openssl/evp.h>
#include "buffer.h"
#include "cipher.h"
#include "key.h"

/*
 * GSS-API headers are only pulled in when the GSS key exchange is compiled
 * in. Which header is used depends on the GSS implementation being built
 * against (Solaris, Heimdal, or MIT-style generic header).
 */
#ifdef GSSAPI
#ifdef SUNW_GSSAPI
#include <gssapi/gssapi.h>
#include <gssapi/gssapi_ext.h>
#else
#ifdef GSS_KRB5
#ifdef HEIMDAL
#include <gssapi.h>
#else
#include <gssapi_generic.h>
#endif /* HEIMDAL */
#endif /* GSS_KRB5 */
#endif /* SUNW_GSSAPI */
#endif /* GSSAPI */

/* Wire names of the supported key-exchange methods (as used in the proposal). */
#define KEX_DH1		"diffie-hellman-group1-sha1"
#define KEX_DHGEX	"diffie-hellman-group-exchange-sha1"

/*
 * Indices into the proposal[PROPOSAL_MAX] name-list array handed to
 * kex_setup(). The order matches the order of the name-lists in the
 * SSH_MSG_KEXINIT packet (RFC 4253, section 7.1). PROPOSAL_MAX is the
 * array length, not a valid index.
 */
enum kex_init_proposals {
	PROPOSAL_KEX_ALGS,
	PROPOSAL_SERVER_HOST_KEY_ALGS,
	PROPOSAL_ENC_ALGS_CTOS,
	PROPOSAL_ENC_ALGS_STOC,
	PROPOSAL_MAC_ALGS_CTOS,
	PROPOSAL_MAC_ALGS_STOC,
	PROPOSAL_COMP_ALGS_CTOS,
	PROPOSAL_COMP_ALGS_STOC,
	PROPOSAL_LANG_CTOS,
	PROPOSAL_LANG_STOC,
	PROPOSAL_MAX
};

/*
 * Traffic direction; indexes Kex.newkeys[MODE_MAX], so the two directions
 * always carry independent key sets. MODE_MAX is the array length.
 */
enum kex_modes {
	MODE_IN,
	MODE_OUT,
	MODE_MAX
};

/*
 * Negotiated key-exchange method; indexes the Kex.kex[KEX_MAX] function
 * table. NOTE(review): KEX_GSS_GRP1_SHA1 is only present under GSSAPI, so
 * the numeric value of KEX_MAX (and the size of Kex) differs between GSSAPI
 * and non-GSSAPI builds; every translation unit that touches a Kex must be
 * compiled with the same GSSAPI setting.
 */
enum kex_exchange {
	KEX_DH_GRP1_SHA1,
	KEX_DH_GEX_SHA1,
#ifdef GSSAPI
	KEX_GSS_GRP1_SHA1,
#endif /* GSSAPI */
	KEX_MAX
};


/* Bit flag; presumably recorded in Kex.flags once our KEXINIT has been sent. */
#define KEX_INIT_SENT	0x0001

typedef struct Kex Kex;
typedef struct Mac Mac;
typedef struct Comp Comp;
typedef struct Enc Enc;
typedef struct Newkeys Newkeys;

/*
 * Negotiated encryption algorithm for one direction.
 * key and iv point at raw secret material; whoever frees them should
 * zeroize first (the free site is not in this header -- confirm there).
 */
struct Enc {
	char	*name;		/* algorithm name as negotiated */
	Cipher	*cipher;	/* cipher implementation, see cipher.h */
	int	enabled;	/* non-zero once these keys are in use (assumed) */
	u_int	key_len;	/* length of key in bytes */
	u_int	block_size;	/* cipher block size in bytes */
	u_char	*key;		/* secret: encryption key */
	u_char	*iv;		/* secret: initialisation vector */
};
/*
 * Negotiated MAC algorithm for one direction.
 * NOTE(review): mac_len and key_len are int here but Enc uses u_int;
 * compare them with size_t values carefully (mixed-sign comparison).
 */
struct Mac {
	char	*name;		/* algorithm name as negotiated */
	int	enabled;	/* non-zero once the MAC is in use (assumed) */
	const EVP_MD	*md;	/* OpenSSL digest backing the HMAC */
	int	mac_len;	/* output length in bytes */
	u_char	*key;		/* secret: integrity key -- zeroize before free */
	int	key_len;	/* length of key in bytes */
};
/* Negotiated compression for one direction. */
struct Comp {
	int	type;		/* compression method id (meaning defined elsewhere) */
	int	enabled;	/* non-zero once compression is active (assumed) */
	char	*name;		/* algorithm name as negotiated */
};
/* Complete key set for one direction (one per entry of Kex.newkeys[]). */
struct Newkeys {
	Enc	enc;
	Mac	mac;
	Comp	comp;
};

/* Caller-controlled options for the exchange. */
struct KexOptions {
	int	gss_deleg_creds;	/* presumably: delegate GSS credentials -- confirm in kexgss */
};

/*
 * State of one key exchange. Created by kex_setup(); the kex[] table and the
 * callback pointers are filled in by the client/server code and dispatched
 * to by kex_start()/kex_finish().
 */
struct Kex {
	u_char	*session_id;		/* presumably the exchange hash of the first kex */
	u_int	session_id_len;
	Newkeys	*newkeys[MODE_MAX];	/* keys derived for each direction */
	int	we_need;		/* semantics not visible here -- see kex_derive_keys() */
	int	server;			/* non-zero when acting as the server (assumed) */
	char	*serverhost;
	char	*name;			/* negotiated kex method name (assumed) */
	int	hostkey_type;
	int	kex_type;		/* a kex_exchange value, indexes kex[] */
	Buffer	my;			/* our KEXINIT payload (assumed; see buffer.h) */
	Buffer	peer;			/* peer's KEXINIT payload (assumed) */
	int	initial_kex_done;	/* first exchange completed; later ones are rekeys */
	int	done;
	int	flags;			/* KEX_INIT_SENT etc. */
	char	*client_version_string;
	char	*server_version_string;
	struct KexOptions options;
	int	(*verify_host_key)(Key *);	/* caller-supplied host key check */
	int	(*accept_host_key)(Key *);	/* for GSS keyex */
	Key	*(*load_host_key)(int);		/* returns the host key of the given type */
	int	(*host_key_index)(Key *);
	void	(*kex[KEX_MAX])(Kex *);		/* per-method exchange implementations */
	void	(*kex_hook)(Kex *, char **);	/* for GSS keyex rekeying */
#ifdef GSSAPI
	gss_OID_set	mechs;			/* mechs in my proposal */
#endif /* GSSAPI */
};

typedef void (*Kex_hook_func)(Kex *, char **); /* for GSS-API rekeying */

/*
 * Allocate and initialise a Kex for the given host and proposal name-lists.
 * Ownership of the returned Kex and its contents is not documented here;
 * check the definition before freeing.
 */
Kex	*kex_setup(const char *host,
		   char *proposal[PROPOSAL_MAX],
		   Kex_hook_func hook);
void	 kex_start(Kex *);
void	 kex_finish(Kex *);

void	 kex_send_kexinit(Kex *);
/* Packet handler: (type, seq, ctxt) -- ctxt is presumably the Kex. */
void	 kex_input_kexinit(int, u_int32_t, void *);
/* Derive the per-direction keys; arguments are presumably (kex, hash, shared secret K). */
void	 kex_derive_keys(Kex *, u_char *, BIGNUM *);

/* XXX Remove after merge of 3.6/7 code is completed */
#if 0
void	 kexdh(Kex *);
void	 kexgex(Kex *);
#endif

/* Presumably takes a kex_modes value and returns the key set for that direction. */
Newkeys *kex_get_newkeys(int);

void	 kexdh_client(Kex *);
void	 kexdh_server(Kex *);
void	 kexgex_client(Kex *);
void	 kexgex_server(Kex *);

/*
 * Exchange-hash computations. Argument order is not documented in this
 * header; presumably (client version, server version, client kexinit, len,
 * server kexinit, len, host key blob, len, [gex params,] e, f, K).
 * The returned buffer is hash material used for session_id and key
 * derivation; treat it as sensitive.
 */
u_char *
kex_dh_hash(char *, char *, char *, int, char *, int, u_char *, int,
    BIGNUM *, BIGNUM *, BIGNUM *);
u_char *
kexgex_hash(char *, char *, char *, int, char *, int, u_char *, int,
    int, int, int, BIGNUM *, BIGNUM *, BIGNUM *, BIGNUM *, BIGNUM *);

#ifdef GSSAPI
void	 kexgss_client(Kex *);
void	 kexgss_server(Kex *);
#endif

/* Debug-build only: prints raw digest bytes, so never enabled in production. */
#if defined(DEBUG_KEX) || defined(DEBUG_KEXDH)
void	 dump_digest(char *, u_char *, int);
#endif

#ifdef __cplusplus
}
#endif

#endif /* _KEX_H */