upstream commit
adapt kex to sshbuf and struct ssh; ok djm@
diff --git a/kex.h b/kex.h
index 1f7c824..1798eea 100644
--- a/kex.h
+++ b/kex.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: kex.h,v 1.68 2015/01/19 20:07:45 markus Exp $ */
+/* $OpenBSD: kex.h,v 1.69 2015/01/19 20:16:15 markus Exp $ */
/*
* Copyright (c) 2000, 2001 Markus Friedl. All rights reserved.
@@ -30,8 +30,8 @@
#include "buffer.h" /* XXX for typedef */
#include "key.h" /* XXX for typedef */
-#if defined(WITH_OPENSSL) && defined(OPENSSL_HAS_ECC)
-#include <openssl/ec.h>
+#ifdef WITH_LEAKMALLOC
+#include "leakmalloc.h"
#endif
#define KEX_COOKIE_LEN 16
@@ -50,6 +50,8 @@
#define COMP_ZLIB 1
#define COMP_DELAYED 2
+#define CURVE25519_SIZE 32
+
enum kex_init_proposals {
PROPOSAL_KEX_ALGS,
PROPOSAL_SERVER_HOST_KEY_ALGS,
@@ -82,12 +84,6 @@
#define KEX_INIT_SENT 0x0001
-typedef struct kex Kex;
-typedef struct sshcomp Comp;
-typedef struct sshmac Mac;
-typedef struct sshenc Enc;
-typedef struct newkeys Newkeys;
-
struct sshenc {
char *name;
const struct sshcipher *cipher;
@@ -106,8 +102,11 @@
struct newkeys {
struct sshenc enc;
struct sshmac mac;
- struct sshcomp comp;
+ struct sshcomp comp;
};
+
+struct ssh;
+
struct kex {
u_char *session_id;
size_t session_id_len;
@@ -117,73 +116,87 @@
int server;
char *name;
int hostkey_type;
- int kex_type;
+ u_int kex_type;
int roaming;
struct sshbuf *my;
struct sshbuf *peer;
sig_atomic_t done;
- int flags;
+ u_int flags;
int hash_alg;
int ec_nid;
char *client_version_string;
char *server_version_string;
- int (*verify_host_key)(Key *);
- Key *(*load_host_public_key)(int);
- Key *(*load_host_private_key)(int);
- int (*host_key_index)(Key *);
- void (*sign)(Key *, Key *, u_char **, u_int *, u_char *, u_int);
- void (*kex[KEX_MAX])(Kex *);
+ int (*verify_host_key)(struct sshkey *, struct ssh *);
+ struct sshkey *(*load_host_public_key)(int, struct ssh *);
+ struct sshkey *(*load_host_private_key)(int, struct ssh *);
+ int (*host_key_index)(struct sshkey *, struct ssh *);
+ int (*sign)(struct sshkey *, struct sshkey *,
+ u_char **, size_t *, u_char *, size_t, u_int);
+ int (*kex[KEX_MAX])(struct ssh *);
+ /* kex specific state */
+ DH *dh; /* DH */
+ u_int min, max, nbits; /* GEX */
+ EC_KEY *ec_client_key; /* ECDH */
+ const EC_GROUP *ec_group; /* ECDH */
+ u_char c25519_client_key[CURVE25519_SIZE]; /* 25519 */
+ u_char c25519_client_pubkey[CURVE25519_SIZE]; /* 25519 */
};
int kex_names_valid(const char *);
char *kex_alg_list(char);
-Kex *kex_setup(char *[PROPOSAL_MAX]);
-void kex_finish(Kex *);
-void kex_free_newkeys(struct newkeys *);
+int kex_new(struct ssh *, char *[PROPOSAL_MAX], struct kex **);
+int kex_setup(struct ssh *, char *[PROPOSAL_MAX]);
+void kex_free_newkeys(struct newkeys *);
+void kex_free(struct kex *);
-void kex_send_kexinit(Kex *);
+int kex_buf2prop(struct sshbuf *, int *, char ***);
+int kex_prop2buf(struct sshbuf *, char *proposal[PROPOSAL_MAX]);
+void kex_prop_free(char **);
+
+int kex_send_kexinit(struct ssh *);
int kex_input_kexinit(int, u_int32_t, void *);
-void kex_derive_keys(Kex *, u_char *, u_int, const u_char *, u_int);
-void kex_derive_keys_bn(Kex *, u_char *, u_int, const BIGNUM *);
+int kex_derive_keys(struct ssh *, u_char *, u_int, const struct sshbuf *);
+int kex_derive_keys_bn(struct ssh *, u_char *, u_int, const BIGNUM *);
+int kex_send_newkeys(struct ssh *);
-void kexdh_client(Kex *);
-void kexdh_server(Kex *);
-void kexgex_client(Kex *);
-void kexgex_server(Kex *);
-void kexecdh_client(Kex *);
-void kexecdh_server(Kex *);
-void kexc25519_client(Kex *);
-void kexc25519_server(Kex *);
+int kexdh_client(struct ssh *);
+int kexdh_server(struct ssh *);
+int kexgex_client(struct ssh *);
+int kexgex_server(struct ssh *);
+int kexecdh_client(struct ssh *);
+int kexecdh_server(struct ssh *);
+int kexc25519_client(struct ssh *);
+int kexc25519_server(struct ssh *);
-void
-kex_dh_hash(char *, char *, char *, int, char *, int, u_char *, int,
- BIGNUM *, BIGNUM *, BIGNUM *, u_char **, u_int *);
-void
-kexgex_hash(int, char *, char *, char *, int, char *,
- int, u_char *, int, int, int, int, BIGNUM *, BIGNUM *, BIGNUM *,
- BIGNUM *, BIGNUM *, u_char **, u_int *);
-#ifdef OPENSSL_HAS_ECC
-void
-kex_ecdh_hash(int, const EC_GROUP *, char *, char *, char *, int,
- char *, int, u_char *, int, const EC_POINT *, const EC_POINT *,
- const BIGNUM *, u_char **, u_int *);
-#endif
-void
-kex_c25519_hash(int, char *, char *, char *, int,
- char *, int, u_char *, int, const u_char *, const u_char *,
- const u_char *, u_int, u_char **, u_int *);
+int kex_dh_hash(const char *, const char *,
+ const u_char *, size_t, const u_char *, size_t, const u_char *, size_t,
+ const BIGNUM *, const BIGNUM *, const BIGNUM *, u_char *, size_t *);
-#define CURVE25519_SIZE 32
-void kexc25519_keygen(u_char[CURVE25519_SIZE], u_char[CURVE25519_SIZE])
+int kexgex_hash(int, const char *, const char *,
+ const u_char *, size_t, const u_char *, size_t, const u_char *, size_t,
+ int, int, int,
+ const BIGNUM *, const BIGNUM *, const BIGNUM *,
+ const BIGNUM *, const BIGNUM *,
+ u_char *, size_t *);
+
+int kex_ecdh_hash(int, const EC_GROUP *, const char *, const char *,
+ const u_char *, size_t, const u_char *, size_t, const u_char *, size_t,
+ const EC_POINT *, const EC_POINT *, const BIGNUM *, u_char *, size_t *);
+
+int kex_c25519_hash(int, const char *, const char *, const char *, size_t,
+ const char *, size_t, const u_char *, size_t, const u_char *, const u_char *,
+ const u_char *, size_t, u_char *, size_t *);
+
+void kexc25519_keygen(u_char key[CURVE25519_SIZE], u_char pub[CURVE25519_SIZE])
__attribute__((__bounded__(__minbytes__, 1, CURVE25519_SIZE)))
__attribute__((__bounded__(__minbytes__, 2, CURVE25519_SIZE)));
-void kexc25519_shared_key(const u_char key[CURVE25519_SIZE],
- const u_char pub[CURVE25519_SIZE], Buffer *out)
+int kexc25519_shared_key(const u_char key[CURVE25519_SIZE],
+ const u_char pub[CURVE25519_SIZE], struct sshbuf *out)
__attribute__((__bounded__(__minbytes__, 1, CURVE25519_SIZE)))
__attribute__((__bounded__(__minbytes__, 2, CURVE25519_SIZE)));
-void
+int
derive_ssh1_session_id(BIGNUM *, BIGNUM *, u_int8_t[8], u_int8_t[16]);
#if defined(DEBUG_KEX) || defined(DEBUG_KEXDH) || defined(DEBUG_KEXECDH)