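/*
 * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 *
 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 */
/*
 * Copyright 2008 Sun Microsystems, Inc. All rights reserved.
 * Use is subject to license terms.
 */

/* $OpenBSD: kex.h,v 1.32 2002/09/09 14:54:14 markus Exp $ */

/*
 * kex.h - SSH-2 key exchange (KEX) state, negotiated-algorithm records and
 * the entry points implemented by the kex*.c files.
 */

#ifndef	_KEX_H
#define	_KEX_H

#ifdef __cplusplus
extern "C" {
#endif

/*
 * This header uses u_int/u_char/u_int32_t and BIGNUM directly, so pull in
 * the headers that define them instead of relying on transitive includes.
 */
#include <sys/types.h>
#include <openssl/bn.h>
#include <openssl/evp.h>
#include "buffer.h"
#include "cipher.h"
#include "key.h"

#ifdef GSSAPI
#ifdef SUNW_GSSAPI
#include <gssapi/gssapi.h>
#include <gssapi/gssapi_ext.h>
#else
#ifdef GSS_KRB5
#ifdef HEIMDAL
#include <gssapi.h>
#else
#include <gssapi_generic.h>
#endif /* HEIMDAL */
#endif /* GSS_KRB5 */
#endif /* SUNW_GSSAPI */
#endif /* GSSAPI */

/*
 * KEX method names as they appear in the KEXINIT proposal.  "group1" is the
 * fixed 1024-bit MODP group; "group-exchange" negotiates the group with the
 * peer, which is why kexgex_hash() takes the extra min/n/max and p/g inputs.
 */
#define	KEX_DH1		"diffie-hellman-group1-sha1"
#define	KEX_DHGEX	"diffie-hellman-group-exchange-sha1"

/*
 * Index of each name-list in a KEXINIT proposal array (see kex_setup()).
 * CTOS/STOC = client-to-server / server-to-client direction.
 */
enum kex_init_proposals {
	PROPOSAL_KEX_ALGS,
	PROPOSAL_SERVER_HOST_KEY_ALGS,
	PROPOSAL_ENC_ALGS_CTOS,
	PROPOSAL_ENC_ALGS_STOC,
	PROPOSAL_MAC_ALGS_CTOS,
	PROPOSAL_MAC_ALGS_STOC,
	PROPOSAL_COMP_ALGS_CTOS,
	PROPOSAL_COMP_ALGS_STOC,
	PROPOSAL_LANG_CTOS,
	PROPOSAL_LANG_STOC,
	PROPOSAL_MAX
};

/* Traffic direction; indexes Kex.newkeys[]. */
enum kex_modes {
	MODE_IN,
	MODE_OUT,
	MODE_MAX
};

/* Negotiated KEX method; indexes Kex.kex[]. */
enum kex_exchange {
	KEX_DH_GRP1_SHA1,
	KEX_DH_GEX_SHA1,
#ifdef GSSAPI
	KEX_GSS_GRP1_SHA1,
#endif /* GSSAPI */
	KEX_MAX
};

/* Bit for Kex.flags: our KEXINIT has already been sent. */
#define	KEX_INIT_SENT	0x0001

typedef struct Kex Kex;
typedef struct Mac Mac;
typedef struct Comp Comp;
typedef struct Enc Enc;
typedef struct Newkeys Newkeys;

/* Negotiated cipher for one direction, plus its key material. */
struct Enc {
	char	*name;		/* algorithm name from the proposal */
	Cipher	*cipher;	/* cipher.h descriptor for `name' */
	int	enabled;
	u_int	key_len;
	u_int	block_size;
	u_char	*key;		/* secret key material (see kex_derive_keys) */
	u_char	*iv;
};

/*
 * Negotiated MAC for one direction.  Note the lengths are `int' here,
 * unlike Enc, which uses u_int.
 */
struct Mac {
	char		*name;
	int		enabled;
	const EVP_MD	*md;		/* digest underlying the HMAC */
	int		mac_len;
	u_char		*key;		/* secret key material */
	int		key_len;
};

/* Negotiated compression for one direction. */
struct Comp {
	int	type;
	int	enabled;
	char	*name;
};

/* The full algorithm set for one direction (see Kex.newkeys[MODE_MAX]). */
struct Newkeys {
	Enc	enc;
	Mac	mac;
	Comp	comp;
};

struct KexOptions {
	int	gss_deleg_creds;	/* presumably: delegate GSS creds - confirm */
};

/* Per-connection key exchange state. */
struct Kex {
	u_char	*session_id;
	u_int	session_id_len;
	Newkeys	*newkeys[MODE_MAX];	/* one algorithm set per direction */
	int	we_need;
	int	server;			/* non-zero on the server side */
	char	*serverhost;
	char	*name;
	int	hostkey_type;
	int	kex_type;		/* an enum kex_exchange value */
	Buffer	my;			/* NOTE(review): looks like our KEXINIT payload - confirm */
	Buffer	peer;			/* NOTE(review): looks like the peer's KEXINIT payload - confirm */
	int	initial_kex_done;
	int	done;
	int	flags;			/* KEX_INIT_SENT etc. */
	char	*client_version_string;
	char	*server_version_string;
	struct KexOptions options;
	/*
	 * Callbacks supplied by the client/server side.  verify_host_key is
	 * the trust decision for the peer's host key; a non-verifying
	 * implementation makes the exchange vulnerable to an active
	 * man-in-the-middle, so callers must not stub it out.
	 */
	int	(*verify_host_key)(Key *);
	int	(*accept_host_key)(Key *);	/* for GSS keyex */
	Key	*(*load_host_key)(int);
	int	(*host_key_index)(Key *);
	void	(*kex[KEX_MAX])(Kex *);		/* dispatch table by kex_exchange */
	void	(*kex_hook)(Kex *, char **);	/* for GSS keyex rekeying */
#ifdef GSSAPI
	gss_OID_set mechs;			/* mechs in my proposal */
#endif /* GSSAPI */
};

typedef void (*Kex_hook_func)(Kex *, char **);	/* for GSS-API rekeying */

/*
 * Create the KEX state for `host' from a PROPOSAL_MAX-entry name-list
 * array; `hook' may be NULL unless GSS rekeying needs it (see kex_hook).
 * Ownership of the returned Kex stays with the caller until kex_finish().
 */
Kex	*kex_setup(const char *host,
	    char *proposal[PROPOSAL_MAX],
	    Kex_hook_func hook);
void	 kex_start(Kex *);
void	 kex_finish(Kex *);

void	 kex_send_kexinit(Kex *);
/* Packet handler signature: (message type, sequence number, context). */
void	 kex_input_kexinit(int, u_int32_t, void *);
/* Derive the per-direction keys from the exchange hash and shared secret. */
void	 kex_derive_keys(Kex *, u_char *, BIGNUM *);

Newkeys *kex_get_newkeys(int);		/* argument is a MODE_* value */

void	 kexdh_client(Kex *);
void	 kexdh_server(Kex *);
void	 kexgex_client(Kex *);
void	 kexgex_server(Kex *);

/*
 * Compute the exchange hash H.  Both version strings, both KEXINIT payloads,
 * the host key blob and the DH values are hashed, which is what binds the
 * negotiation to the key agreement.  Lengths are `int': callers must pass
 * non-negative values.  Argument order must match the definitions in the
 * corresponding kex*.c files - confirm there before adding callers.
 */
u_char *
kex_dh_hash(char *, char *, char *, int, char *, int, u_char *, int,
    BIGNUM *, BIGNUM *, BIGNUM *);
u_char *
kexgex_hash(char *, char *, char *, int, char *, int, u_char *, int,
    int, int, int, BIGNUM *, BIGNUM *, BIGNUM *, BIGNUM *, BIGNUM *);

#ifdef GSSAPI
void	 kexgss_client(Kex *);
void	 kexgss_server(Kex *);
#endif

#if defined(DEBUG_KEX) || defined(DEBUG_KEXDH)
/* Debug only: prints a labelled digest; never leave enabled in builds that handle real keys. */
void	 dump_digest(char *, u_char *, int);
#endif

#ifdef __cplusplus
}
#endif

#endif /* _KEX_H */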