xref: /titanic_44/usr/src/cmd/ssh/include/kex.h (revision 8caf082f3daf088f1c2d8d364a3bd1af21c1c770) 
17c478bd9Sstevel@tonic-gate /*
27c478bd9Sstevel@tonic-gate  * Copyright (c) 2000, 2001 Markus Friedl.  All rights reserved.
37c478bd9Sstevel@tonic-gate  *
47c478bd9Sstevel@tonic-gate  * Redistribution and use in source and binary forms, with or without
57c478bd9Sstevel@tonic-gate  * modification, are permitted provided that the following conditions
67c478bd9Sstevel@tonic-gate  * are met:
77c478bd9Sstevel@tonic-gate  * 1. Redistributions of source code must retain the above copyright
87c478bd9Sstevel@tonic-gate  *    notice, this list of conditions and the following disclaimer.
97c478bd9Sstevel@tonic-gate  * 2. Redistributions in binary form must reproduce the above copyright
107c478bd9Sstevel@tonic-gate  *    notice, this list of conditions and the following disclaimer in the
117c478bd9Sstevel@tonic-gate  *    documentation and/or other materials provided with the distribution.
127c478bd9Sstevel@tonic-gate  *
137c478bd9Sstevel@tonic-gate  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
147c478bd9Sstevel@tonic-gate  * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
157c478bd9Sstevel@tonic-gate  * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
167c478bd9Sstevel@tonic-gate  * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
177c478bd9Sstevel@tonic-gate  * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
187c478bd9Sstevel@tonic-gate  * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
197c478bd9Sstevel@tonic-gate  * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
207c478bd9Sstevel@tonic-gate  * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
217c478bd9Sstevel@tonic-gate  * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
227c478bd9Sstevel@tonic-gate  * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
237c478bd9Sstevel@tonic-gate  */
24cd7d5fafSJan Pechanec /*
25*8caf082fSJan Pechanec  * Copyright 2009 Sun Microsystems, Inc.  All rights reserved.
26cd7d5fafSJan Pechanec  * Use is subject to license terms.
27cd7d5fafSJan Pechanec  */
28cd7d5fafSJan Pechanec 
29cd7d5fafSJan Pechanec /*	$OpenBSD: kex.h,v 1.32 2002/09/09 14:54:14 markus Exp $	*/
30cd7d5fafSJan Pechanec 
31cd7d5fafSJan Pechanec #ifndef	_KEX_H
32cd7d5fafSJan Pechanec #define	_KEX_H
33cd7d5fafSJan Pechanec 
34cd7d5fafSJan Pechanec #ifdef __cplusplus
35cd7d5fafSJan Pechanec extern "C" {
36cd7d5fafSJan Pechanec #endif
377c478bd9Sstevel@tonic-gate 
387c478bd9Sstevel@tonic-gate #include <openssl/evp.h>
39*8caf082fSJan Pechanec #include <openssl/hmac.h>
407c478bd9Sstevel@tonic-gate #include "buffer.h"
417c478bd9Sstevel@tonic-gate #include "cipher.h"
427c478bd9Sstevel@tonic-gate #include "key.h"
437c478bd9Sstevel@tonic-gate 
447c478bd9Sstevel@tonic-gate #ifdef GSSAPI
457c478bd9Sstevel@tonic-gate #ifdef SUNW_GSSAPI
467c478bd9Sstevel@tonic-gate #include <gssapi/gssapi.h>
477c478bd9Sstevel@tonic-gate #include <gssapi/gssapi_ext.h>
487c478bd9Sstevel@tonic-gate #else
497c478bd9Sstevel@tonic-gate #ifdef GSS_KRB5
507c478bd9Sstevel@tonic-gate #ifdef HEIMDAL
517c478bd9Sstevel@tonic-gate #include <gssapi.h>
527c478bd9Sstevel@tonic-gate #else
537c478bd9Sstevel@tonic-gate #include <gssapi_generic.h>
547c478bd9Sstevel@tonic-gate #endif /* HEIMDAL */
557c478bd9Sstevel@tonic-gate #endif /* GSS_KRB5 */
567c478bd9Sstevel@tonic-gate #endif /* SUNW_GSSAPI */
577c478bd9Sstevel@tonic-gate #endif /* GSSAPI */
587c478bd9Sstevel@tonic-gate 
597c478bd9Sstevel@tonic-gate #define	KEX_DH1		"diffie-hellman-group1-sha1"
607c478bd9Sstevel@tonic-gate #define	KEX_DHGEX	"diffie-hellman-group-exchange-sha1"
617c478bd9Sstevel@tonic-gate 
627c478bd9Sstevel@tonic-gate enum kex_init_proposals {
637c478bd9Sstevel@tonic-gate 	PROPOSAL_KEX_ALGS,
647c478bd9Sstevel@tonic-gate 	PROPOSAL_SERVER_HOST_KEY_ALGS,
657c478bd9Sstevel@tonic-gate 	PROPOSAL_ENC_ALGS_CTOS,
667c478bd9Sstevel@tonic-gate 	PROPOSAL_ENC_ALGS_STOC,
677c478bd9Sstevel@tonic-gate 	PROPOSAL_MAC_ALGS_CTOS,
687c478bd9Sstevel@tonic-gate 	PROPOSAL_MAC_ALGS_STOC,
697c478bd9Sstevel@tonic-gate 	PROPOSAL_COMP_ALGS_CTOS,
707c478bd9Sstevel@tonic-gate 	PROPOSAL_COMP_ALGS_STOC,
717c478bd9Sstevel@tonic-gate 	PROPOSAL_LANG_CTOS,
727c478bd9Sstevel@tonic-gate 	PROPOSAL_LANG_STOC,
737c478bd9Sstevel@tonic-gate 	PROPOSAL_MAX
747c478bd9Sstevel@tonic-gate };
757c478bd9Sstevel@tonic-gate 
767c478bd9Sstevel@tonic-gate enum kex_modes {
777c478bd9Sstevel@tonic-gate 	MODE_IN,
787c478bd9Sstevel@tonic-gate 	MODE_OUT,
797c478bd9Sstevel@tonic-gate 	MODE_MAX
807c478bd9Sstevel@tonic-gate };
817c478bd9Sstevel@tonic-gate 
827c478bd9Sstevel@tonic-gate enum kex_exchange {
837c478bd9Sstevel@tonic-gate 	KEX_DH_GRP1_SHA1,
847c478bd9Sstevel@tonic-gate 	KEX_DH_GEX_SHA1,
857c478bd9Sstevel@tonic-gate #ifdef GSSAPI
867c478bd9Sstevel@tonic-gate 	KEX_GSS_GRP1_SHA1,
877c478bd9Sstevel@tonic-gate #endif /* GSSAPI */
887c478bd9Sstevel@tonic-gate 	KEX_MAX
897c478bd9Sstevel@tonic-gate };
907c478bd9Sstevel@tonic-gate 
917c478bd9Sstevel@tonic-gate 
927c478bd9Sstevel@tonic-gate #define KEX_INIT_SENT	0x0001
937c478bd9Sstevel@tonic-gate 
947c478bd9Sstevel@tonic-gate typedef struct Kex Kex;
957c478bd9Sstevel@tonic-gate typedef struct Mac Mac;
967c478bd9Sstevel@tonic-gate typedef struct Comp Comp;
977c478bd9Sstevel@tonic-gate typedef struct Enc Enc;
987c478bd9Sstevel@tonic-gate typedef struct Newkeys Newkeys;
997c478bd9Sstevel@tonic-gate 
1007c478bd9Sstevel@tonic-gate struct Enc {
1017c478bd9Sstevel@tonic-gate 	char	*name;
1027c478bd9Sstevel@tonic-gate 	Cipher	*cipher;
1037c478bd9Sstevel@tonic-gate 	int	enabled;
1047c478bd9Sstevel@tonic-gate 	u_int	key_len;
1057c478bd9Sstevel@tonic-gate 	u_int	block_size;
1067c478bd9Sstevel@tonic-gate 	u_char	*key;
1077c478bd9Sstevel@tonic-gate 	u_char	*iv;
1087c478bd9Sstevel@tonic-gate };
1097c478bd9Sstevel@tonic-gate struct Mac {
1107c478bd9Sstevel@tonic-gate 	char		*name;
1117c478bd9Sstevel@tonic-gate 	int		enabled;
112*8caf082fSJan Pechanec 	u_int		mac_len;
1137c478bd9Sstevel@tonic-gate 	u_char		*key;
114*8caf082fSJan Pechanec 	u_int		key_len;
115*8caf082fSJan Pechanec 	int		type;
116*8caf082fSJan Pechanec 	const EVP_MD	*evp_md;
117*8caf082fSJan Pechanec 	HMAC_CTX	evp_ctx;
1187c478bd9Sstevel@tonic-gate };
1197c478bd9Sstevel@tonic-gate struct Comp {
1207c478bd9Sstevel@tonic-gate 	int	type;
1217c478bd9Sstevel@tonic-gate 	int	enabled;
1227c478bd9Sstevel@tonic-gate 	char	*name;
1237c478bd9Sstevel@tonic-gate };
1247c478bd9Sstevel@tonic-gate struct Newkeys {
1257c478bd9Sstevel@tonic-gate 	Enc	enc;
1267c478bd9Sstevel@tonic-gate 	Mac	mac;
1277c478bd9Sstevel@tonic-gate 	Comp	comp;
1287c478bd9Sstevel@tonic-gate };
1297c478bd9Sstevel@tonic-gate 
1307c478bd9Sstevel@tonic-gate struct KexOptions {
1317c478bd9Sstevel@tonic-gate 	int	gss_deleg_creds;
1327c478bd9Sstevel@tonic-gate };
1337c478bd9Sstevel@tonic-gate 
1347c478bd9Sstevel@tonic-gate struct Kex {
1357c478bd9Sstevel@tonic-gate 	u_char	*session_id;
1367c478bd9Sstevel@tonic-gate 	u_int	session_id_len;
1377c478bd9Sstevel@tonic-gate 	Newkeys	*newkeys[MODE_MAX];
1387c478bd9Sstevel@tonic-gate 	int	we_need;
1397c478bd9Sstevel@tonic-gate 	int	server;
1407c478bd9Sstevel@tonic-gate 	char	*serverhost;
1417c478bd9Sstevel@tonic-gate 	char	*name;
1427c478bd9Sstevel@tonic-gate 	int	hostkey_type;
1437c478bd9Sstevel@tonic-gate 	int	kex_type;
1447c478bd9Sstevel@tonic-gate 	Buffer	my;
1457c478bd9Sstevel@tonic-gate 	Buffer	peer;
1467c478bd9Sstevel@tonic-gate 	int	initial_kex_done;
1477c478bd9Sstevel@tonic-gate 	int	done;
1487c478bd9Sstevel@tonic-gate 	int	flags;
1497c478bd9Sstevel@tonic-gate 	char	*client_version_string;
1507c478bd9Sstevel@tonic-gate 	char	*server_version_string;
1517c478bd9Sstevel@tonic-gate 	struct  KexOptions options;
1527c478bd9Sstevel@tonic-gate 	int	(*verify_host_key)(Key *);
1537c478bd9Sstevel@tonic-gate 	int	(*accept_host_key)(Key *); /* for GSS keyex */
1547c478bd9Sstevel@tonic-gate 	Key	*(*load_host_key)(int);
1557c478bd9Sstevel@tonic-gate 	int	(*host_key_index)(Key *);
1567c478bd9Sstevel@tonic-gate 	void    (*kex[KEX_MAX])(Kex *);
1577c478bd9Sstevel@tonic-gate 	void	(*kex_hook)(Kex *, char **); /* for GSS keyex rekeying */
1587c478bd9Sstevel@tonic-gate #ifdef GSSAPI
1597c478bd9Sstevel@tonic-gate 	gss_OID_set mechs; /* mechs in my proposal */
1607c478bd9Sstevel@tonic-gate #endif /* GSSAPI */
1617c478bd9Sstevel@tonic-gate };
1627c478bd9Sstevel@tonic-gate 
1637c478bd9Sstevel@tonic-gate typedef void (*Kex_hook_func)(Kex *, char **); /* for GSS-API rekeying */
1647c478bd9Sstevel@tonic-gate 
1657c478bd9Sstevel@tonic-gate Kex	 *kex_setup(const char *host,
1667c478bd9Sstevel@tonic-gate 		    char *proposal[PROPOSAL_MAX],
1677c478bd9Sstevel@tonic-gate 		    Kex_hook_func hook);
168cd7d5fafSJan Pechanec void	  kex_start(Kex *);
1697c478bd9Sstevel@tonic-gate void	  kex_finish(Kex *);
1707c478bd9Sstevel@tonic-gate 
1717c478bd9Sstevel@tonic-gate void	  kex_send_kexinit(Kex *);
1727c478bd9Sstevel@tonic-gate void	  kex_input_kexinit(int, u_int32_t, void *);
1737c478bd9Sstevel@tonic-gate void	  kex_derive_keys(Kex *, u_char *, BIGNUM *);
1747c478bd9Sstevel@tonic-gate 
1757c478bd9Sstevel@tonic-gate Newkeys *kex_get_newkeys(int);
1767c478bd9Sstevel@tonic-gate 
1777c478bd9Sstevel@tonic-gate void    kexdh_client(Kex *);
1787c478bd9Sstevel@tonic-gate void    kexdh_server(Kex *);
1797c478bd9Sstevel@tonic-gate void    kexgex_client(Kex *);
1807c478bd9Sstevel@tonic-gate void    kexgex_server(Kex *);
1817c478bd9Sstevel@tonic-gate 
1827c478bd9Sstevel@tonic-gate u_char *
1837c478bd9Sstevel@tonic-gate kex_dh_hash(char *, char *, char *, int, char *, int, u_char *, int,
1847c478bd9Sstevel@tonic-gate 	    BIGNUM *, BIGNUM *, BIGNUM *);
1857c478bd9Sstevel@tonic-gate u_char *
1867c478bd9Sstevel@tonic-gate kexgex_hash(char *, char *, char *, int, char *, int, u_char *, int,
1877c478bd9Sstevel@tonic-gate 	    int, int, int, BIGNUM *, BIGNUM *, BIGNUM *, BIGNUM *, BIGNUM *);
1887c478bd9Sstevel@tonic-gate 
1897c478bd9Sstevel@tonic-gate #ifdef GSSAPI
1907c478bd9Sstevel@tonic-gate void     kexgss_client(Kex *);
1917c478bd9Sstevel@tonic-gate void     kexgss_server(Kex *);
1927c478bd9Sstevel@tonic-gate #endif
1937c478bd9Sstevel@tonic-gate 
1947c478bd9Sstevel@tonic-gate #if defined(DEBUG_KEX) || defined(DEBUG_KEXDH)
1957c478bd9Sstevel@tonic-gate void	dump_digest(char *, u_char *, int);
1967c478bd9Sstevel@tonic-gate #endif
1977c478bd9Sstevel@tonic-gate 
1987c478bd9Sstevel@tonic-gate #ifdef __cplusplus
1997c478bd9Sstevel@tonic-gate }
2007c478bd9Sstevel@tonic-gate #endif
2017c478bd9Sstevel@tonic-gate 
2027c478bd9Sstevel@tonic-gate #endif /* _KEX_H */
203