30 #include "crypto_api.h"
33 # include <openssl/bn.h>
34 # include <openssl/dh.h>
35 # include <openssl/ecdsa.h>
36 # include <openssl/evp.h>
37 # if OPENSSL_VERSION_NUMBER >= 0x30000000L
38 # include <openssl/core_names.h>
39 # include <openssl/param_build.h>
41 # ifdef OPENSSL_HAS_ECC
42 # include <openssl/ec.h>
45 # define EC_GROUP void
46 # define EC_POINT void
52 # define EC_GROUP void
53 # define EC_POINT void
/*
 * Length in bytes of the key-exchange cookie.
 * NOTE(review): presumably the random cookie carried in the KEXINIT
 * message; the code that fills it is not part of this excerpt.
 */
56 #define KEX_COOKIE_LEN 16
/*
 * Names of the key exchange methods as they appear in algorithm
 * name-lists. These macros only spell the names; which methods are
 * actually offered or accepted is decided elsewhere, not in this excerpt.
 *
 * Security note: the three names ending in "-sha1" use SHA-1 for the
 * exchange hash, and "diffie-hellman-group1-sha1" additionally uses a
 * fixed 1024-bit group. A hardened KexAlgorithms setting normally leaves
 * these out, so their presence here should not be read as a recommendation.
 */
58 #define KEX_DH1 "diffie-hellman-group1-sha1"
59 #define KEX_DH14_SHA1 "diffie-hellman-group14-sha1"
60 #define KEX_DH14_SHA256 "diffie-hellman-group14-sha256"
61 #define KEX_DH16_SHA512 "diffie-hellman-group16-sha512"
62 #define KEX_DH18_SHA512 "diffie-hellman-group18-sha512"
63 #define KEX_DHGEX_SHA1 "diffie-hellman-group-exchange-sha1"
64 #define KEX_DHGEX_SHA256 "diffie-hellman-group-exchange-sha256"
65 #define KEX_ECDH_SHA2_NISTP256 "ecdh-sha2-nistp256"
66 #define KEX_ECDH_SHA2_NISTP384 "ecdh-sha2-nistp384"
67 #define KEX_ECDH_SHA2_NISTP521 "ecdh-sha2-nistp521"
68 #define KEX_CURVE25519_SHA256 "curve25519-sha256"
/*
 * Compression mode constant. The listing skips source lines 69-74, so the
 * sibling values are not visible.
 * NOTE(review): presumably the mode in which compression starts only after
 * authentication - confirm against the full header.
 */
75 #define COMP_DELAYED 2
/*
 * Size in bytes of a Curve25519 key; used below for the c25519_* arrays
 * and for the array parameters of the kexc25519_* prototypes.
 */
77 #define CURVE25519_SIZE 32
/*
 * Positions of the individual name-lists inside a proposal array (the
 * prototypes further down take char *prop[PROPOSAL_MAX]).
 * The listing omits source line 80 and lines 88-108, so the first
 * enumerator, the end of this enum and its closing brace are not visible.
 * NOTE(review): CTOS / STOC presumably mean client-to-server and
 * server-to-client - confirm.
 */
79 enum kex_init_proposals {
81 PROPOSAL_SERVER_HOST_KEY_ALGS,
82 PROPOSAL_ENC_ALGS_CTOS,
83 PROPOSAL_ENC_ALGS_STOC,
84 PROPOSAL_MAC_ALGS_CTOS,
85 PROPOSAL_MAC_ALGS_STOC,
86 PROPOSAL_COMP_ALGS_CTOS,
87 PROPOSAL_COMP_ALGS_STOC,
/*
 * The embedded line numbers jump from 87 to 109: the enumerators below
 * belong to a different enum whose header is outside this excerpt.
 * NOTE(review): they look like identifiers of key exchange methods (the
 * KEX_GSS_* entries for GSSAPI-based exchange), and KEX_MAX, which sizes
 * the kex[] handler table below, presumably terminates that enum - confirm
 * against the full header.
 */
109 KEX_KEM_SNTRUP761X25519_SHA512,
113 KEX_GSS_GRP14_SHA256,
114 KEX_GSS_GRP16_SHA512,
116 KEX_GSS_NISTP256_SHA256,
117 KEX_GSS_C25519_SHA256,
/*
 * Bit flags: every value occupies its own bit, so they can be combined
 * with bitwise OR and tested with bitwise AND.
 * NOTE(review): the field that stores them is not visible in this excerpt.
 * By their names, KEX_HAS_PUBKEY_HOSTBOUND and the two
 * KEX_RSA_SHA2_*_SUPPORTED flags record capabilities learned from the
 * peer; confirm where they are set, since they would then depend on
 * peer-controlled input.
 */
123 #define KEX_INIT_SENT 0x0001
124 #define KEX_INITIAL 0x0002
125 #define KEX_HAS_PUBKEY_HOSTBOUND 0x0004
126 #define KEX_RSA_SHA2_256_SUPPORTED 0x0008
127 #define KEX_RSA_SHA2_512_SUPPORTED 0x0010
/*
 * Struct members only: the listing omits the struct headers, and the
 * embedded line numbers show large gaps (131 -> 154 -> 163 ...), so these
 * fields come from more than one struct.
 */
131 const struct sshcipher *cipher;
/* Array of key-set pointers with MODE_MAX entries. */
154 struct newkeys *newkeys[MODE_MAX];
163 char *server_sig_algs;
/*
 * Buffers kept for the lifetime of the exchange.
 * NOTE(review): by their names these hold both sides' version strings,
 * the session identifier and the first signature / host key - confirm.
 */
167 struct sshbuf *client_version;
168 struct sshbuf *server_version;
169 struct sshbuf *session_id;
170 struct sshbuf *initial_sig;
171 struct sshkey *initial_hostkey;
/*
 * Function pointers supplied by the owner of this struct for host-key
 * handling and signing.
 * NOTE(review): verify_host_key is, by its name, the hook that decides
 * whether a presented host key is accepted. An unset or always-succeeding
 * hook would remove server authentication, so confirm how
 * kex_verify_host_key() treats a NULL pointer.
 */
183 int (*verify_host_key)(
struct sshkey *,
struct ssh *);
184 struct sshkey *(*load_host_public_key)(int, int,
struct ssh *);
185 struct sshkey *(*load_host_private_key)(int, int,
struct ssh *);
186 int (*host_key_index)(
struct sshkey *, int,
struct ssh *);
187 int (*sign)(
struct ssh *,
struct sshkey *,
struct sshkey *,
188 u_char **,
size_t *,
const u_char *, size_t,
const char *);
/* Table of handlers with KEX_MAX entries, each taking the struct ssh *. */
189 int (*kex[KEX_MAX])(
struct ssh *);
/* Per-method state. */
192 u_int min, max, nbits;
/*
 * EC_GROUP is #defined to void near the top of the header (source lines
 * 45 and 52) on paths where the OpenSSL EC header is not included.
 */
193 EC_KEY *ec_client_key;
194 const EC_GROUP *ec_group;
/*
 * Fixed-size byte arrays embedded directly in the struct.
 * NOTE(review): by their names c25519_client_key and sntrup761_client_key
 * hold private key material. Confirm that kex_free() wipes them (for
 * example with explicit_bzero() or freezero()) before the struct is
 * released, so the secrets do not linger in freed memory.
 */
195 u_char c25519_client_key[CURVE25519_SIZE];
196 u_char c25519_client_pubkey[CURVE25519_SIZE];
197 u_char sntrup761_client_key[crypto_kem_sntrup761_SECRETKEYBYTES];
198 struct sshbuf *client_pub;
/*
 * Helpers for key exchange algorithm name-lists. The prototypes carry no
 * parameter names, so the role of each argument has to be taken from the
 * definitions, which are not part of this excerpt.
 * NOTE(review): kex_alg_list(), kex_gss_alg_list() and kex_names_cat()
 * return char *; ownership of the returned string is not stated here -
 * confirm whether the caller must free it.
 */
201 int kex_names_valid(
const char *);
202 char *kex_alg_list(
char);
203 char *kex_gss_alg_list(
char);
204 char *kex_names_cat(
const char *,
const char *);
205 int kex_assemble_names(
char **,
const char *,
const char *);
206 int kex_gss_names_valid(
const char *);
/*
 * Fill and release the entries of a proposal array of PROPOSAL_MAX
 * strings.
 * NOTE(review): the five const char * arguments are unnamed; presumably
 * they are the configured algorithm lists - confirm their order at the
 * definition before calling.
 */
207 void kex_proposal_populate_entries(
struct ssh *,
char *prop[PROPOSAL_MAX],
208 const char *,
const char *,
const char *,
const char *,
const char *);
209 void kex_proposal_free_entries(
char *prop[PROPOSAL_MAX]);
/*
 * NOTE(review): by its name this performs the identification (version
 * string) exchange with the peer; the int and const char * arguments are
 * unnamed - confirm their meaning at the definition.
 */
211 int kex_exchange_identification(
struct ssh *,
int,
const char *);
/*
 * Allocation, setup and teardown of key exchange state. kex_ready() and
 * kex_setup() both take a proposal array of PROPOSAL_MAX strings.
 */
213 struct kex *kex_new(
void);
214 int kex_ready(
struct ssh *,
char *[PROPOSAL_MAX]);
215 int kex_setup(
struct ssh *,
char *[PROPOSAL_MAX]);
216 void kex_free_newkeys(
struct newkeys *);
217 void kex_free(
struct kex *);
/*
 * Conversion between a buffer and a proposal array, plus the matching
 * release function.
 * NOTE(review): kex_buf2prop() presumably parses a KEXINIT payload that
 * can come from the peer; treat its input as untrusted - confirm.
 */
219 int kex_buf2prop(
struct sshbuf *,
int *,
char ***);
220 int kex_prop2buf(
struct sshbuf *,
char *proposal[PROPOSAL_MAX]);
221 void kex_prop_free(
char **);
/*
 * Host key loading and verification entry points; the struct shown above
 * holds the corresponding function pointers.
 */
222 int kex_load_hostkey(
struct ssh *,
struct sshkey **,
struct sshkey **);
223 int kex_verify_host_key(
struct ssh *,
struct sshkey *);
225 int kex_send_kexinit(
struct ssh *);
/*
 * The three kex_input_* / kex_protocol_error functions share the signature
 * (int, u_int32_t, struct ssh *).
 * NOTE(review): presumably packet handlers invoked for messages received
 * from the peer before authentication completes; their input should be
 * treated as attacker-controlled - confirm.
 */
226 int kex_input_kexinit(
int, u_int32_t,
struct ssh *);
227 int kex_input_ext_info(
int, u_int32_t,
struct ssh *);
228 int kex_protocol_error(
int, u_int32_t,
struct ssh *);
/*
 * NOTE(review): the u_char * / u_int pair is presumably the exchange hash
 * and its length, and the sshbuf the shared secret - confirm.
 */
229 int kex_derive_keys(
struct ssh *, u_char *, u_int,
const struct sshbuf *);
230 int kex_send_newkeys(
struct ssh *);
231 int kex_start_rekex(
struct ssh *);
/*
 * Client and server entry points of the individual key exchange methods.
 * Each takes only the struct ssh * and returns int, matching the element
 * type of the kex[KEX_MAX] handler table.
 */
233 int kexgex_client(
struct ssh *);
234 int kexgex_server(
struct ssh *);
235 int kex_gen_client(
struct ssh *);
236 int kex_gen_server(
struct ssh *);
/*
 * GSSAPI variants, declared only when both GSSAPI and WITH_OPENSSL are
 * defined. The matching #endif (source lines 242-243) is omitted by the
 * listing.
 */
237 #if defined(GSSAPI) && defined(WITH_OPENSSL)
238 int kexgssgex_client(
struct ssh *);
239 int kexgssgex_server(
struct ssh *);
240 int kexgss_client(
struct ssh *);
241 int kexgss_server(
struct ssh *);
/*
 * NOTE(review): presumably releases a key set; confirm that the definition
 * wipes key and IV material before freeing it.
 */
244 void newkeys_destroy(
struct newkeys *newkeys);
/*
 * Per-method keypair / enc / dec triples. Judging by the one complete
 * *_enc prototype below (sntrup761x25519), enc takes the kex state, a
 * const input buffer and two output buffer pointers, while dec takes the
 * kex state, a const input buffer and one output buffer pointer.
 * The listing drops source lines 248, 253 and 258, so the kex_dh_enc,
 * kex_ecdh_enc and kex_c25519_enc prototypes are shown without their last
 * parameter and closing parenthesis.
 * NOTE(review): the const input buffer is presumably the peer's public
 * value; confirm that each definition validates it before use.
 */
246 int kex_dh_keypair(
struct kex *);
247 int kex_dh_enc(
struct kex *,
const struct sshbuf *,
struct sshbuf **,
249 int kex_dh_dec(
struct kex *,
const struct sshbuf *,
struct sshbuf **);
251 int kex_ecdh_keypair(
struct kex *);
252 int kex_ecdh_enc(
struct kex *,
const struct sshbuf *,
struct sshbuf **,
254 int kex_ecdh_dec(
struct kex *,
const struct sshbuf *,
struct sshbuf **);
256 int kex_c25519_keypair(
struct kex *);
257 int kex_c25519_enc(
struct kex *,
const struct sshbuf *,
struct sshbuf **,
259 int kex_c25519_dec(
struct kex *,
const struct sshbuf *,
struct sshbuf **);
261 int kex_kem_sntrup761x25519_keypair(
struct kex *);
262 int kex_kem_sntrup761x25519_enc(
struct kex *,
const struct sshbuf *,
263 struct sshbuf **,
struct sshbuf **);
/*
 * Source lines 265-266 are missing from the listing, so this prototype is
 * cut off after its second parameter.
 */
264 int kex_kem_sntrup761x25519_dec(
struct kex *,
const struct sshbuf *,
/*
 * Finite-field Diffie-Hellman helpers.
 * NOTE(review): the BIGNUM * passed to kex_dh_compute_key() is presumably
 * the peer's public value; confirm that it is range-checked before the
 * shared secret is computed.
 */
267 int kex_dh_keygen(
struct kex *);
268 int kex_dh_compute_key(
struct kex *, BIGNUM *,
struct sshbuf *);
/*
 * Exchange hash for the group-exchange methods. Parameters are unnamed,
 * and the listing omits source lines 272 and 275-276, so the prototype is
 * incomplete here; it ends at the size_t parameter.
 */
270 int kexgex_hash(
int,
const struct sshbuf *,
const struct sshbuf *,
271 const struct sshbuf *,
const struct sshbuf *,
const struct sshbuf *,
273 const BIGNUM *,
const BIGNUM *,
const BIGNUM *,
274 const BIGNUM *,
const u_char *,
size_t,
/*
 * Exchange hash for the generic methods.
 *
 * hash_alg selects the digest; the nine const buffers are, by name, both
 * version strings, both KEXINIT payloads, the server host key blob, both
 * public values and the shared secret. The result is written through
 * hash, with its length handled through hashlen.
 * NOTE(review): whether *hashlen carries the capacity of hash on entry is
 * not visible here. Confirm at the definition, because an undersized
 * output buffer would be a memory-safety problem.
 */
277 int kex_gen_hash(
int hash_alg,
const struct sshbuf *client_version,
278 const struct sshbuf *server_version,
const struct sshbuf *client_kexinit,
279 const struct sshbuf *server_kexinit,
const struct sshbuf *server_host_key_blob,
280 const struct sshbuf *client_pub,
const struct sshbuf *server_pub,
281 const struct sshbuf *shared_secret, u_char *hash,
size_t *hashlen);
/*
 * Curve25519 primitives operating on CURVE25519_SIZE-byte arrays.
 *
 * The array sizes written in the parameter lists are not enforced by C
 * itself (array parameters decay to pointers). The
 * __bounded__(__minbytes__, N, CURVE25519_SIZE) attributes state that
 * pointer argument N must reference at least CURVE25519_SIZE bytes, which
 * lets compilers that implement the attribute flag undersized buffers at
 * call sites; elsewhere callers must guarantee the sizes themselves.
 */
283 void kexc25519_keygen(u_char key[CURVE25519_SIZE], u_char pub[CURVE25519_SIZE])
284 __attribute__((__bounded__(__minbytes__, 1, CURVE25519_SIZE)))
285 __attribute__((__bounded__(__minbytes__, 2, CURVE25519_SIZE)));
/*
 * Takes a const key and a const pub array and an output buffer.
 * NOTE(review): pub is presumably the peer's public value; confirm that
 * the definition rejects a degenerate (all-zero) shared secret.
 */
286 int kexc25519_shared_key(const u_char key[CURVE25519_SIZE],
287 const u_char pub[CURVE25519_SIZE], struct sshbuf *out)
288 __attribute__((__bounded__(__minbytes__, 1, CURVE25519_SIZE)))
289 __attribute__((__bounded__(__minbytes__, 2, CURVE25519_SIZE)));
/*
 * Same parameters plus a trailing unnamed int.
 * NOTE(review): the meaning of the int is not visible here - confirm at
 * the definition.
 */
290 int kexc25519_shared_key_ext(const u_char key[CURVE25519_SIZE],
291 const u_char pub[CURVE25519_SIZE], struct sshbuf *out,
int)
292 __attribute__((__bounded__(__minbytes__, 1, CURVE25519_SIZE)))
293 __attribute__((__bounded__(__minbytes__, 2, CURVE25519_SIZE)));
/*
 * Declared only when OPENSSL_VERSION_NUMBER is at least 0x30000000L. The
 * matching #endif (source lines 297-298) is omitted by the listing.
 * Takes an EVP_PKEY ** and five const BIGNUM * arguments.
 * NOTE(review): the BIGNUM parameters are unnamed, so their order cannot
 * be read from this prototype. Confirm it at the definition, since
 * swapping Diffie-Hellman parameters and key values would not be caught
 * by the type system.
 */
294 # if OPENSSL_VERSION_NUMBER >= 0x30000000L
295 int kex_create_evp_dh(EVP_PKEY **,
const BIGNUM *,
const BIGNUM *,
296 const BIGNUM *,
const BIGNUM *,
const BIGNUM *);
/*
 * Debug helper, declared only when DEBUG_KEX, DEBUG_KEXDH or
 * DEBUG_KEXECDH is defined. The matching #endif is omitted by the listing.
 * NOTE(review): by its name this prints digest bytes; builds with these
 * macros enabled may write key exchange values to diagnostic output and
 * should not be deployed - confirm what the callers pass in.
 */
299 #if defined(DEBUG_KEX) || defined(DEBUG_KEXDH) || defined(DEBUG_KEXECDH)
300 void dump_digest(
const char *,
const u_char *,
int);
303 #if !defined(WITH_OPENSSL) || !defined(OPENSSL_HAS_ECC)