version 1.33.2.1, 2001/09/27 19:03:54 |
version 1.33.2.2, 2002/03/09 00:20:44 |
|
|
} |
} |
|
|
static void |
static void |
kex_protocol_error(int type, int plen, void *ctxt) |
kex_protocol_error(int type, u_int32_t seq, void *ctxt) |
{ |
{ |
error("Hm, kex protocol error: type %d plen %d", type, plen); |
error("Hm, kex protocol error: type %d seq %u", type, seq); |
} |
} |
|
|
static void |
static void |
kex_clear_dispatch(void) |
kex_reset_dispatch(void) |
{ |
{ |
int i; |
dispatch_range(SSH2_MSG_TRANSPORT_MIN, |
|
SSH2_MSG_TRANSPORT_MAX, &kex_protocol_error); |
/* Numbers 30-49 are used for kex packets */ |
dispatch_set(SSH2_MSG_KEXINIT, &kex_input_kexinit); |
for (i = 30; i <= 49; i++) |
|
dispatch_set(i, &kex_protocol_error); |
|
} |
} |
|
|
void |
void |
kex_finish(Kex *kex) |
kex_finish(Kex *kex) |
{ |
{ |
int plen; |
kex_reset_dispatch(); |
|
|
kex_clear_dispatch(); |
|
|
|
packet_start(SSH2_MSG_NEWKEYS); |
packet_start(SSH2_MSG_NEWKEYS); |
packet_send(); |
packet_send(); |
/* packet_write_wait(); */ |
/* packet_write_wait(); */ |
debug("SSH2_MSG_NEWKEYS sent"); |
debug("SSH2_MSG_NEWKEYS sent"); |
|
|
debug("waiting for SSH2_MSG_NEWKEYS"); |
debug("waiting for SSH2_MSG_NEWKEYS"); |
packet_read_expect(&plen, SSH2_MSG_NEWKEYS); |
packet_read_expect(SSH2_MSG_NEWKEYS); |
|
packet_check_eom(); |
debug("SSH2_MSG_NEWKEYS received"); |
debug("SSH2_MSG_NEWKEYS received"); |
|
|
kex->done = 1; |
kex->done = 1; |
|
|
} |
} |
|
|
void |
void |
kex_input_kexinit(int type, int plen, void *ctxt) |
kex_input_kexinit(int type, u_int32_t seq, void *ctxt) |
{ |
{ |
char *ptr; |
char *ptr; |
int dlen; |
int dlen; |
|
|
xfree(packet_get_string(NULL)); |
xfree(packet_get_string(NULL)); |
packet_get_char(); |
packet_get_char(); |
packet_get_int(); |
packet_get_int(); |
packet_done(); |
packet_check_eom(); |
|
|
kex_kexinit_finish(kex); |
kex_kexinit_finish(kex); |
} |
} |
|
|
kex->done = 0; |
kex->done = 0; |
|
|
kex_send_kexinit(kex); /* we start */ |
kex_send_kexinit(kex); /* we start */ |
kex_clear_dispatch(); |
kex_reset_dispatch(); |
dispatch_set(SSH2_MSG_KEXINIT, &kex_input_kexinit); |
|
|
|
return kex; |
return kex; |
} |
} |
|
|
|
|
kex_choose_conf(kex); |
kex_choose_conf(kex); |
|
|
switch(kex->kex_type) { |
switch (kex->kex_type) { |
case DH_GRP1_SHA1: |
case DH_GRP1_SHA1: |
kexdh(kex); |
kexdh(kex); |
break; |
break; |
|
|
char *name = match_list(client, server, NULL); |
char *name = match_list(client, server, NULL); |
if (name == NULL) |
if (name == NULL) |
fatal("no matching cipher found: client %s server %s", client, server); |
fatal("no matching cipher found: client %s server %s", client, server); |
enc->cipher = cipher_by_name(name); |
if ((enc->cipher = cipher_by_name(name)) == NULL) |
if (enc->cipher == NULL) |
|
fatal("matching cipher is not supported: %s", name); |
fatal("matching cipher is not supported: %s", name); |
enc->name = name; |
enc->name = name; |
enc->enabled = 0; |
enc->enabled = 0; |
enc->iv = NULL; |
enc->iv = NULL; |
enc->key = NULL; |
enc->key = NULL; |
|
enc->key_len = cipher_keylen(enc->cipher); |
|
enc->block_size = cipher_blocksize(enc->cipher); |
} |
} |
static void |
static void |
choose_mac(Mac *mac, char *client, char *server) |
choose_mac(Mac *mac, char *client, char *server) |
|
|
need = 0; |
need = 0; |
for (mode = 0; mode < MODE_MAX; mode++) { |
for (mode = 0; mode < MODE_MAX; mode++) { |
newkeys = kex->newkeys[mode]; |
newkeys = kex->newkeys[mode]; |
if (need < newkeys->enc.cipher->key_len) |
if (need < newkeys->enc.key_len) |
need = newkeys->enc.cipher->key_len; |
need = newkeys->enc.key_len; |
if (need < newkeys->enc.cipher->block_size) |
if (need < newkeys->enc.block_size) |
need = newkeys->enc.cipher->block_size; |
need = newkeys->enc.block_size; |
if (need < newkeys->mac.key_len) |
if (need < newkeys->mac.key_len) |
need = newkeys->mac.key_len; |
need = newkeys->mac.key_len; |
} |
} |
|
|
derive_key(Kex *kex, int id, int need, u_char *hash, BIGNUM *shared_secret) |
derive_key(Kex *kex, int id, int need, u_char *hash, BIGNUM *shared_secret) |
{ |
{ |
Buffer b; |
Buffer b; |
EVP_MD *evp_md = EVP_sha1(); |
const EVP_MD *evp_md = EVP_sha1(); |
EVP_MD_CTX md; |
EVP_MD_CTX md; |
char c = id; |
char c = id; |
int have; |
int have; |
int mdsz = evp_md->md_size; |
int mdsz = EVP_MD_size(evp_md); |
u_char *digest = xmalloc(roundup(need, mdsz)); |
u_char *digest = xmalloc(roundup(need, mdsz)); |
|
|
buffer_init(&b); |
buffer_init(&b); |
|
|
int i; |
int i; |
|
|
fprintf(stderr, "%s\n", msg); |
fprintf(stderr, "%s\n", msg); |
for (i = 0; i< len; i++){ |
for (i = 0; i< len; i++) { |
fprintf(stderr, "%02x", digest[i]); |
fprintf(stderr, "%02x", digest[i]); |
if (i%32 == 31) |
if (i%32 == 31) |
fprintf(stderr, "\n"); |
fprintf(stderr, "\n"); |