1 /*
2 * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved.
3 *
4 * Redistribution and use in source and binary forms, with or without
5 * modification, are permitted provided that the following conditions
6 * are met:
7 * 1. Redistributions of source code must retain the above copyright
8 * notice, this list of conditions and the following disclaimer.
9 * 2. Redistributions in binary form must reproduce the above copyright
10 * notice, this list of conditions and the following disclaimer in the
11 * documentation and/or other materials provided with the distribution.
12 *
13 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
14 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
15 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
16 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
17 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
18 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
19 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
20 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
21 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
22 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
23 */
24 /*
25 * Copyright 2009 Sun Microsystems, Inc. All rights reserved.
26 * Use is subject to license terms.
27 */
28
29 /* $OpenBSD: kex.h,v 1.32 2002/09/09 14:54:14 markus Exp $ */
30
31 #ifndef _KEX_H
32 #define _KEX_H
33
34 #ifdef __cplusplus
35 extern "C" {
36 #endif
37
38 #include <openssl/evp.h>
39 #include <openssl/hmac.h>
40 #include "buffer.h"
41 #include "cipher.h"
42 #include "key.h"
43
44 #ifdef GSSAPI
45 #ifdef SUNW_GSSAPI
46 #include <gssapi/gssapi.h>
47 #include <gssapi/gssapi_ext.h>
48 #else
49 #ifdef GSS_KRB5
50 #ifdef HEIMDAL
51 #include <gssapi.h>
52 #else
53 #include <gssapi_generic.h>
54 #endif /* HEIMDAL */
55 #endif /* GSS_KRB5 */
56 #endif /* SUNW_GSSAPI */
57 #endif /* GSSAPI */
58
59 #define KEX_DH1 "diffie-hellman-group1-sha1"
60 #define KEX_DHGEX "diffie-hellman-group-exchange-sha1"
61
62 enum kex_init_proposals {
63 PROPOSAL_KEX_ALGS,
64 PROPOSAL_SERVER_HOST_KEY_ALGS,
65 PROPOSAL_ENC_ALGS_CTOS,
66 PROPOSAL_ENC_ALGS_STOC,
67 PROPOSAL_MAC_ALGS_CTOS,
68 PROPOSAL_MAC_ALGS_STOC,
69 PROPOSAL_COMP_ALGS_CTOS,
70 PROPOSAL_COMP_ALGS_STOC,
71 PROPOSAL_LANG_CTOS,
72 PROPOSAL_LANG_STOC,
73 PROPOSAL_MAX
74 };
75
76 enum kex_modes {
77 MODE_IN,
78 MODE_OUT,
79 MODE_MAX
80 };
81
82 enum kex_exchange {
83 KEX_DH_GRP1_SHA1,
84 KEX_DH_GEX_SHA1,
85 #ifdef GSSAPI
86 KEX_GSS_GRP1_SHA1,
87 #endif /* GSSAPI */
88 KEX_MAX
89 };
90
91
92 #define KEX_INIT_SENT 0x0001
93
94 typedef struct Kex Kex;
95 typedef struct Mac Mac;
96 typedef struct Comp Comp;
97 typedef struct Enc Enc;
98 typedef struct Newkeys Newkeys;
99
100 struct Enc {
101 char *name;
102 Cipher *cipher;
103 int enabled;
104 u_int key_len;
105 u_int block_size;
106 u_char *key;
107 u_char *iv;
108 };
109 struct Mac {
110 char *name;
111 int enabled;
112 u_int mac_len;
113 u_char *key;
114 u_int key_len;
115 int type;
116 const EVP_MD *evp_md;
117 HMAC_CTX evp_ctx;
118 };
119 struct Comp {
120 int type;
121 int enabled;
122 char *name;
123 };
124 struct Newkeys {
125 Enc enc;
126 Mac mac;
127 Comp comp;
128 };
129
130 struct KexOptions {
131 int gss_deleg_creds;
132 };
133
134 struct Kex {
135 u_char *session_id;
136 u_int session_id_len;
137 Newkeys *newkeys[MODE_MAX];
138 int we_need;
139 int server;
140 char *serverhost;
141 char *name;
142 int hostkey_type;
143 int kex_type;
144 Buffer my;
145 Buffer peer;
146 int initial_kex_done;
147 int done;
148 int flags;
149 char *client_version_string;
150 char *server_version_string;
151 struct KexOptions options;
152 int (*verify_host_key)(Key *);
153 int (*accept_host_key)(Key *); /* for GSS keyex */
154 Key *(*load_host_key)(int);
155 int (*host_key_index)(Key *);
156 void (*kex[KEX_MAX])(Kex *);
157 void (*kex_hook)(Kex *, char **); /* for GSS keyex rekeying */
158 #ifdef GSSAPI
159 gss_OID_set mechs; /* mechs in my proposal */
160 #endif /* GSSAPI */
161 };
162
163 typedef void (*Kex_hook_func)(Kex *, char **); /* for GSS-API rekeying */
164
165 Kex *kex_setup(const char *host,
166 char *proposal[PROPOSAL_MAX],
167 Kex_hook_func hook);
168 void kex_start(Kex *);
169 void kex_finish(Kex *);
170
171 void kex_send_kexinit(Kex *);
172 void kex_input_kexinit(int, u_int32_t, void *);
173 void kex_derive_keys(Kex *, u_char *, BIGNUM *);
174
175 Newkeys *kex_get_newkeys(int);
176
177 void kexdh_client(Kex *);
178 void kexdh_server(Kex *);
179 void kexgex_client(Kex *);
180 void kexgex_server(Kex *);
181
182 u_char *
183 kex_dh_hash(char *, char *, char *, int, char *, int, u_char *, int,
184 BIGNUM *, BIGNUM *, BIGNUM *);
185 u_char *
186 kexgex_hash(char *, char *, char *, int, char *, int, u_char *, int,
187 int, int, int, BIGNUM *, BIGNUM *, BIGNUM *, BIGNUM *, BIGNUM *);
188
189 #ifdef GSSAPI
190 void kexgss_client(Kex *);
191 void kexgss_server(Kex *);
192 #endif
193
194 #if defined(DEBUG_KEX) || defined(DEBUG_KEXDH)
195 void dump_digest(char *, u_char *, int);
196 #endif
197
198 #ifdef __cplusplus
199 }
200 #endif
201
202 #endif /* _KEX_H */