/*
 * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 *
 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 */
/*
 * Copyright 2009 Sun Microsystems, Inc. All rights reserved.
 * Use is subject to license terms.
*/

/* $OpenBSD: kex.h,v 1.32 2002/09/09 14:54:14 markus Exp $ */

/*
 * SSH2 transport-layer key exchange (KEX): algorithm name constants,
 * per-direction key material (Enc/Mac/Comp/Newkeys) and the Kex state
 * object shared by the DH, DH-GEX and (optionally) GSS-API exchanges.
 */

#ifndef _KEX_H
#define _KEX_H

#ifdef __cplusplus
extern "C" {
#endif

/*
 * NOTE(review): the includes below sit inside the extern "C" block.  The
 * OpenSSL and GSS headers carry their own language-linkage guards, so this
 * is presumably harmless, but it is unusual placement -- confirm if a C++
 * consumer ever includes this header.
 */
#include <openssl/evp.h>
#include <openssl/hmac.h>
#include "buffer.h"
#include "cipher.h"
#include "key.h"

/* GSS-API headers: Sun's bundled implementation, else Heimdal/MIT Kerberos. */
#ifdef GSSAPI
#ifdef SUNW_GSSAPI
#include <gssapi/gssapi.h>
#include <gssapi/gssapi_ext.h>
#else
#ifdef GSS_KRB5
#ifdef HEIMDAL
#include <gssapi.h>
#else
#include <gssapi_generic.h>
#endif /* HEIMDAL */
#endif /* GSS_KRB5 */
#endif /* SUNW_GSSAPI */
#endif /* GSSAPI */

/*
 * Wire names of the supported key-exchange methods (RFC 4253).
 * KEX_DH1 is the fixed 1024-bit MODP group (Oakley group 2); that group
 * is widely considered too weak today, so a deployment that still offers
 * it should do so deliberately and prefer KEX_DHGEX with large groups.
 */
#define KEX_DH1 "diffie-hellman-group1-sha1"
#define KEX_DHGEX "diffie-hellman-group-exchange-sha1"

/*
 * Indices into the KEXINIT name-list arrays (e.g. the proposal[] passed
 * to kex_setup()), in the order the fields appear in SSH_MSG_KEXINIT
 * (RFC 4253 section 7.1).  PROPOSAL_MAX is the count, not a valid index.
 */
enum kex_init_proposals {
	PROPOSAL_KEX_ALGS,
	PROPOSAL_SERVER_HOST_KEY_ALGS,
	PROPOSAL_ENC_ALGS_CTOS,
	PROPOSAL_ENC_ALGS_STOC,
	PROPOSAL_MAC_ALGS_CTOS,
	PROPOSAL_MAC_ALGS_STOC,
	PROPOSAL_COMP_ALGS_CTOS,
	PROPOSAL_COMP_ALGS_STOC,
	PROPOSAL_LANG_CTOS,
	PROPOSAL_LANG_STOC,
	PROPOSAL_MAX
};

/*
 * Traffic direction.  Indexes Kex.newkeys[]; MODE_MAX is the count.
 */
enum kex_modes {
	MODE_IN,
	MODE_OUT,
	MODE_MAX
};

/*
 * Negotiated exchange method.  Indexes the Kex.kex[] dispatch table;
 * KEX_MAX is the count.  The GSS entry exists only in GSSAPI builds, so
 * KEX_MAX (and the table size) differs between the two configurations.
 */
enum kex_exchange {
	KEX_DH_GRP1_SHA1,
	KEX_DH_GEX_SHA1,
#ifdef GSSAPI
	KEX_GSS_GRP1_SHA1,
#endif /* GSSAPI */
	KEX_MAX
};


/* Bit presumably OR'ed into Kex.flags once our KEXINIT has been sent. */
#define KEX_INIT_SENT 0x0001

typedef struct Kex Kex;
typedef struct Mac Mac;
typedef struct Comp Comp;
typedef struct Enc Enc;
typedef struct Newkeys Newkeys;

/*
 * Negotiated cipher for one direction.
 * key and iv are raw secret material; whoever releases an Enc should wipe
 * them before freeing (a plain memset() before free() may be optimized
 * away -- use a non-elidable clear such as explicit_bzero/memset_s).
 */
struct Enc {
	char *name;		/* algorithm name as negotiated from the proposal */
	Cipher *cipher;		/* cipher descriptor from cipher.h */
	int enabled;		/* nonzero once this direction is switched over */
	u_int key_len;		/* length of key in bytes */
	u_int block_size;	/* cipher block size in bytes */
	u_char *key;		/* secret key material */
	u_char *iv;		/* initialisation vector */
};
/*
 * Negotiated MAC for one direction.  key is secret material (same
 * wiping caveat as Enc).  evp_ctx is embedded by value, which requires a
 * complete HMAC_CTX type; OpenSSL made HMAC_CTX opaque in 1.1.0, so this
 * layout only builds against older OpenSSL.
 */
struct Mac {
	char *name;		/* algorithm name as negotiated */
	int enabled;		/* nonzero once this direction is switched over */
	u_int mac_len;		/* presumably the tag length in bytes -- confirm */
	u_char *key;		/* secret MAC key */
	u_int key_len;		/* length of key in bytes */
	int type;		/* MAC implementation selector -- see the implementation */
	const EVP_MD *evp_md;	/* digest used by the HMAC */
	HMAC_CTX evp_ctx;	/* HMAC state, keyed from key/key_len */
};
/* Negotiated compression for one direction. */
struct Comp {
	int type;		/* compression method selector */
	int enabled;		/* nonzero once this direction is switched over */
	char *name;		/* algorithm name as negotiated */
};
/* Complete set of per-direction parameters produced by one key exchange. */
struct Newkeys {
	Enc enc;
	Mac mac;
	Comp comp;
};
/* Per-exchange options; only GSS-API settings so far. */
struct KexOptions {
	int gss_deleg_creds;	/* presumably: delegate GSS credentials to the server -- confirm */
};

/*
 * State of one key exchange (initial or re-key).
 * The hash of the first exchange becomes the session identifier
 * (RFC 4253 section 7.2); session_id must therefore never change for the
 * lifetime of the connection.
 */
struct Kex {
	u_char *session_id;	/* exchange hash H of the first KEX */
	u_int session_id_len;	/* length of session_id in bytes */
	Newkeys *newkeys[MODE_MAX];	/* per-direction keys, indexed by kex_modes */
	int we_need;		/* presumably the largest key length any algorithm needs -- confirm */
	int server;		/* nonzero when we act as the server */
	char *serverhost;	/* host name given to kex_setup() */
	char *name;		/* negotiated KEX method name */
	int hostkey_type;	/* negotiated host key type (Key type) */
	int kex_type;		/* negotiated method, a kex_exchange value */
	Buffer my;		/* our KEXINIT payload, presumably kept for the hash -- confirm */
	Buffer peer;		/* peer's KEXINIT payload */
	int initial_kex_done;	/* nonzero once the first exchange completed */
	int done;		/* nonzero once the current exchange completed */
	int flags;		/* KEX_INIT_SENT and friends */
	char *client_version_string;	/* identification strings, inputs to the exchange hash */
	char *server_version_string;
	struct KexOptions options;
	int (*verify_host_key)(Key *);	/* client side: accept/reject the server's host key */
	int (*accept_host_key)(Key *); /* for GSS keyex */
	Key *(*load_host_key)(int);	/* server side: host key for a given key type */
	int (*host_key_index)(Key *);	/* server side: index of a loaded host key */
	void (*kex[KEX_MAX])(Kex *);	/* dispatch table indexed by kex_exchange */
	void (*kex_hook)(Kex *, char **); /* for GSS keyex rekeying */
#ifdef GSSAPI
	gss_OID_set mechs; /* mechs in my proposal */
#endif /* GSSAPI */
};

typedef void (*Kex_hook_func)(Kex *, char **); /* for GSS-API rekeying */

/*
 * Create a Kex for the peer `host'.  proposal holds exactly PROPOSAL_MAX
 * name-lists in kex_init_proposals order.  hook may be used by the
 * GSS-API rekeying path (see Kex.kex_hook).
 */
Kex *kex_setup(const char *host,
    char *proposal[PROPOSAL_MAX],
    Kex_hook_func hook);
void kex_start(Kex *);
void kex_finish(Kex *);

void kex_send_kexinit(Kex *);
/* Packet-dispatch callback shape: (message type, sequence number, context). */
void kex_input_kexinit(int, u_int32_t, void *);
/*
 * Derive the per-direction keys from the exchange hash and the shared
 * secret K (RFC 4253 section 7.2).  Arguments: (kex, hash, shared_secret).
 */
void
kex_derive_keys(Kex *, u_char *, BIGNUM *);

/* Keys for one direction (a kex_modes value). */
Newkeys *kex_get_newkeys(int);

void kexdh_client(Kex *);
void kexdh_server(Kex *);
void kexgex_client(Kex *);
void kexgex_server(Kex *);

/*
 * Exchange-hash computations.  Inputs are the two version strings, both
 * KEXINIT payloads with their lengths, the server host-key blob with its
 * length, and the DH values; kexgex_hash additionally takes the three
 * group-size parameters and the group itself (p, g) -- confirm the exact
 * argument order against the implementation.
 * Lengths are signed ints: the implementation must reject negative or
 * oversized values before using them.  Ownership/lifetime of the returned
 * digest is not stated here; confirm before holding it across another call.
 */
u_char *
kex_dh_hash(char *, char *, char *, int, char *, int, u_char *, int,
    BIGNUM *, BIGNUM *, BIGNUM *);
u_char *
kexgex_hash(char *, char *, char *, int, char *, int, u_char *, int,
    int, int, int, BIGNUM *, BIGNUM *, BIGNUM *, BIGNUM *, BIGNUM *);

#ifdef GSSAPI
void kexgss_client(Kex *);
void kexgss_server(Kex *);
#endif

/* Debug-only helper; prints a digest, so never enable in production builds. */
#if defined(DEBUG_KEX) || defined(DEBUG_KEXDH)
void dump_digest(char *, u_char *, int);
#endif

#ifdef __cplusplus
}
#endif

#endif /* _KEX_H */