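/*
 * Copyright 2004 Sun Microsystems, Inc. All rights reserved.
 * Use is subject to license terms.
 */
/* $OpenBSD: kex.h,v 1.32 2002/09/09 14:54:14 markus Exp $ */

/*
 * SSH-2 key exchange (KEX) interface: algorithm names, the proposal /
 * direction / exchange enums, the negotiated-key records (Enc, Mac, Comp,
 * Newkeys) and the per-connection Kex state, plus the prototypes of the
 * DH, DH-GEX and (optionally) GSS-API exchange entry points.
 *
 * Security note: everything negotiated through this interface originates
 * in the peer's KEXINIT, so lengths and table indices derived from it
 * (kex_type, the *len arguments of the hash helpers) must be validated by
 * the callers; nothing in this header enforces bounds.
 *
 * NOTE(review): the include guard _KEX_H is a reserved identifier
 * (leading underscore + uppercase).  Left unchanged here to avoid breaking
 * any external #ifdef on it; a rename to KEX_H is the cleaner fix.
 */

#ifndef _KEX_H
#define _KEX_H

#pragma ident "%Z%%M% %I% %E% SMI"

#ifdef __cplusplus
extern "C" {
#endif


/*
 * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 * notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 * notice, this list of conditions and the following disclaimer in the
 * documentation and/or other materials provided with the distribution.
 *
 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 */

#include <openssl/evp.h>
#include "buffer.h"
#include "cipher.h"
#include "key.h"

#ifdef GSSAPI
#ifdef SUNW_GSSAPI
#include <gssapi/gssapi.h>
#include <gssapi/gssapi_ext.h>
#else
#ifdef GSS_KRB5
#ifdef HEIMDAL
#include <gssapi.h>
#else
#include <gssapi_generic.h>
#endif /* HEIMDAL */
#endif /* GSS_KRB5 */
#endif /* SUNW_GSSAPI */
#endif /* GSSAPI */

/*
 * Wire names of the supported key exchange methods.
 *
 * NOTE(review): "diffie-hellman-group1-sha1" is a fixed 1024-bit MODP
 * group hashed with SHA-1; both are considered weak by current standards.
 * Where policy allows, prefer the group-exchange method (with a large
 * minimum group size) or a stronger fixed group.
 */
#define KEX_DH1		"diffie-hellman-group1-sha1"
#define KEX_DHGEX	"diffie-hellman-group-exchange-sha1"

/* Positions of the name-lists inside a KEXINIT proposal; PROPOSAL_MAX is the count. */
enum kex_init_proposals {
	PROPOSAL_KEX_ALGS,
	PROPOSAL_SERVER_HOST_KEY_ALGS,
	PROPOSAL_ENC_ALGS_CTOS,
	PROPOSAL_ENC_ALGS_STOC,
	PROPOSAL_MAC_ALGS_CTOS,
	PROPOSAL_MAC_ALGS_STOC,
	PROPOSAL_COMP_ALGS_CTOS,
	PROPOSAL_COMP_ALGS_STOC,
	PROPOSAL_LANG_CTOS,
	PROPOSAL_LANG_STOC,
	PROPOSAL_MAX
};

/* Traffic direction a Newkeys record applies to; MODE_MAX is the count. */
enum kex_modes {
	MODE_IN,
	MODE_OUT,
	MODE_MAX
};

/*
 * Key exchange methods known to this build.  The values index Kex.kex[],
 * so any kex_type taken from negotiation must be checked against KEX_MAX.
 * Note that the GSS entry shifts nothing before it but does change KEX_MAX
 * depending on whether GSSAPI is defined.
 */
enum kex_exchange {
	KEX_DH_GRP1_SHA1,
	KEX_DH_GEX_SHA1,
#ifdef GSSAPI
	KEX_GSS_GRP1_SHA1,
#endif /* GSSAPI */
	KEX_MAX
};


/* Bit for Kex.flags (presumably): our KEXINIT has already been sent. */
#define KEX_INIT_SENT	0x0001

typedef struct Kex Kex;
typedef struct Mac Mac;
typedef struct Comp Comp;
typedef struct Enc Enc;
typedef struct Newkeys Newkeys;

/*
 * Negotiated encryption parameters for one direction.
 * key and iv hold secret material: callers that free them should zero
 * them first (explicit_bzero or equivalent), not plain free().
 */
struct Enc {
	char	*name;		/* negotiated algorithm name */
	Cipher	*cipher;	/* descriptor from cipher.h */
	int	enabled;
	u_int	key_len;	/* length of *key (presumably bytes) */
	u_int	block_size;
	u_char	*key;		/* secret cipher key */
	u_char	*iv;		/* initialisation vector */
};

/*
 * Negotiated MAC parameters for one direction.
 *
 * NOTE(review): mac_len and key_len are signed here whereas Enc uses
 * u_int.  A negative value silently becomes huge in a signed/unsigned
 * comparison; confirm that every writer of these fields stores a
 * validated, non-negative length.  Types left unchanged to preserve ABI.
 */
struct Mac {
	char		*name;		/* negotiated algorithm name */
	int		enabled;
	const EVP_MD	*md;		/* underlying digest */
	int		mac_len;	/* output length of the MAC */
	u_char		*key;		/* secret MAC key: zero before freeing */
	int		key_len;	/* length of *key */
};

/* Negotiated compression parameters for one direction. */
struct Comp {
	int	type;
	int	enabled;
	char	*name;		/* negotiated algorithm name */
};

/* Complete set of negotiated keys for one direction. */
struct Newkeys {
	Enc	enc;
	Mac	mac;
	Comp	comp;
};

/* Options that influence how an exchange is run. */
struct KexOptions {
	int	gss_deleg_creds;	/* delegate GSS credentials (GSS keyex only) */
};

/*
 * Per-connection key exchange state.
 *
 * session_id is the exchange hash of the first key exchange and is used
 * as a secret input later on; it must be protected like key material.
 * The callbacks verify_host_key / accept_host_key are the trust decision
 * for the peer's host key; their return-value convention is defined by
 * the code that installs them, not here -- confirm before changing callers.
 */
struct Kex {
	u_char	*session_id;		/* exchange hash of the first KEX */
	u_int	session_id_len;
	Newkeys	*newkeys[MODE_MAX];	/* per-direction keys, indexed by kex_modes */
	int	we_need;		/* presumably the largest key length required */
	int	server;			/* non-zero when acting as the server (presumably) */
	char	*serverhost;
	char	*name;
	int	hostkey_type;
	int	kex_type;		/* kex_exchange value; must be < KEX_MAX before indexing kex[] */
	Buffer	my;			/* our KEXINIT payload */
	Buffer	peer;			/* the peer's KEXINIT payload (untrusted input) */
	int	initial_kex_done;
	int	done;
	int	flags;			/* KEX_INIT_SENT etc. */
	char	*client_version_string;
	char	*server_version_string;
	struct KexOptions options;
	int	(*verify_host_key)(Key *);
	int	(*accept_host_key)(Key *);	/* for GSS keyex */
	Key	*(*load_host_key)(int);
	int	(*host_key_index)(Key *);
	void	(*kex[KEX_MAX])(Kex *);		/* per-method entry points, indexed by kex_type */
	void	(*kex_hook)(Kex *, char **);	/* for GSS keyex rekeying */
#ifdef GSSAPI
	gss_OID_set mechs;			/* mechs in my proposal */
#endif /* GSSAPI */
};

typedef void (*Kex_hook_func)(Kex *, char **);	/* for GSS-API rekeying */

/*
 * NOTE(review): the parameter names on the prototypes below were added for
 * readability; the original header declared them unnamed.  They do not
 * affect compilation, but verify them against the definitions in the
 * corresponding .c files before relying on them.
 */

Kex	*kex_setup(const char *host,
	    char *proposal[PROPOSAL_MAX],
	    Kex_hook_func hook);
void	 kex_finish(Kex *kex);

void	 kex_send_kexinit(Kex *kex);
/* Packet-dispatch callback shape: (message type, sequence number, context). */
void	 kex_input_kexinit(int type, u_int32_t seq, void *ctxt);
/* Derives the Newkeys sets from the exchange hash and the shared secret. */
void	 kex_derive_keys(Kex *kex, u_char *hash, BIGNUM *shared_secret);

/* mode is a kex_modes value (MODE_IN / MODE_OUT). */
Newkeys	*kex_get_newkeys(int mode);

void	 kexdh_client(Kex *kex);
void	 kexdh_server(Kex *kex);
void	 kexgex_client(Kex *kex);
void	 kexgex_server(Kex *kex);

/*
 * Exchange-hash helpers.  The int lengths describe buffers that come from
 * the peer (KEXINIT payloads, host key blob); they are signed, so callers
 * must reject negative or oversized values before calling.  The returned
 * digest is secret input to key derivation; ownership/lifetime of the
 * buffer is defined by the implementation, not by this header.
 */
u_char *
kex_dh_hash(char *client_version_string, char *server_version_string,
    char *ckexinit, int ckexinitlen, char *skexinit, int skexinitlen,
    u_char *serverhostkeyblob, int sbloblen,
    BIGNUM *client_dh_pub, BIGNUM *server_dh_pub, BIGNUM *shared_secret);
u_char *
kexgex_hash(char *client_version_string, char *server_version_string,
    char *ckexinit, int ckexinitlen, char *skexinit, int skexinitlen,
    u_char *serverhostkeyblob, int sbloblen,
    int min, int wantbits, int max, BIGNUM *prime, BIGNUM *gen,
    BIGNUM *client_dh_pub, BIGNUM *server_dh_pub, BIGNUM *shared_secret);

#ifdef GSSAPI
void	 kexgss_client(Kex *kex);
void	 kexgss_server(Kex *kex);
#endif

#if defined(DEBUG_KEX) || defined(DEBUG_KEXDH)
/* Debug-only: dumps a digest to the log; never enable in production builds. */
void	 dump_digest(char *msg, u_char *digest, int len);
#endif

#ifdef __cplusplus
}
#endif

#endif /* _KEX_H */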