+/* $OpenBSD: kex.h,v 1.31 2002/05/16 22:02:50 markus Exp $ */
+
/*
- * Copyright (c) 2000 Markus Friedl. All rights reserved.
+ * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * This product includes software developed by Markus Friedl.
- * 4. The name of the author may not be used to endorse or promote products
- * derived from this software without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
#ifndef KEX_H
#define KEX_H
-#define KEX_DH1 "diffie-hellman-group1-sha1"
-#define KEX_DSS "ssh-dss"
+#include <openssl/evp.h>
+#include "buffer.h"
+#include "cipher.h"
+#include "key.h"
+
+#define KEX_DH1 "diffie-hellman-group1-sha1"
+#define KEX_DHGEX "diffie-hellman-group-exchange-sha1"
enum kex_init_proposals {
PROPOSAL_KEX_ALGS,
MODE_MAX
};
+enum kex_exchange {
+ DH_GRP1_SHA1,
+ DH_GEX_SHA1
+};
+
+#define KEX_INIT_SENT 0x0001
+
typedef struct Kex Kex;
typedef struct Mac Mac;
typedef struct Comp Comp;
typedef struct Enc Enc;
+typedef struct Newkeys Newkeys;
struct Enc {
- int type;
- int enabled;
- int block_size;
- unsigned char *key;
- unsigned char *iv;
- int key_len;
- int iv_len;
- char *name;
+ char *name;
+ Cipher *cipher;
+ int enabled;
+ u_int key_len;
+ u_int block_size;
+ u_char *key;
+ u_char *iv;
};
struct Mac {
- EVP_MD *md;
- int enabled;
- int mac_len;
- unsigned char *key;
- int key_len;
- char *name;
+ char *name;
+ int enabled;
+ const EVP_MD *md;
+ int mac_len;
+ u_char *key;
+ int key_len;
};
struct Comp {
- int type;
- int enabled;
- char *name;
+ int type;
+ int enabled;
+ char *name;
+};
+struct Newkeys {
+ Enc enc;
+ Mac mac;
+ Comp comp;
};
struct Kex {
- Enc enc [MODE_MAX];
- Mac mac [MODE_MAX];
- Comp comp[MODE_MAX];
- int we_need;
- int server;
- char *name;
- char *hostkeyalg;
+ u_char *session_id;
+ int session_id_len;
+ Newkeys *newkeys[MODE_MAX];
+ int we_need;
+ int server;
+ char *name;
+ int hostkey_type;
+ int kex_type;
+ Buffer my;
+ Buffer peer;
+ int done;
+ int flags;
+ char *client_version_string;
+ char *server_version_string;
+ int (*verify_host_key)(Key *);
+ Key *(*load_host_key)(int);
+ int (*host_key_index)(Key *);
};
-Buffer *kex_init(char *myproposal[PROPOSAL_MAX]);
-DH *new_dh_group1();
-Kex *kex_choose_conf(char *cprop[PROPOSAL_MAX], char *sprop[PROPOSAL_MAX], int server);
-int kex_derive_keys(Kex *k, unsigned char *hash, BIGNUM *shared_secret);
-void bignum_print(BIGNUM *b);
-void packet_set_kex(Kex *k);
+Kex *kex_setup(char *[PROPOSAL_MAX]);
+void kex_finish(Kex *);
+
+void kex_send_kexinit(Kex *);
+void kex_input_kexinit(int, u_int32_t, void *);
+void kex_derive_keys(Kex *, u_char *, BIGNUM *);
+
+void kexdh(Kex *);
+void kexgex(Kex *);
-unsigned char *
-kex_hash(
- char *client_version_string,
- char *server_version_string,
- char *ckexinit, int ckexinitlen,
- char *skexinit, int skexinitlen,
- char *serverhostkeyblob, int sbloblen,
- BIGNUM *client_dh_pub,
- BIGNUM *server_dh_pub,
- BIGNUM *shared_secret);
+Newkeys *kex_get_newkeys(int);
+
+#if defined(DEBUG_KEX) || defined(DEBUG_KEXDH)
+void dump_digest(char *, u_char *, int);
+#endif
#endif