version 1.68, 2015/01/19 20:07:45 |
version 1.69, 2015/01/19 20:16:15 |
|
|
#include "buffer.h" /* XXX for typedef */ |
#include "buffer.h" /* XXX for typedef */ |
#include "key.h" /* XXX for typedef */ |
#include "key.h" /* XXX for typedef */ |
|
|
|
#ifdef WITH_LEAKMALLOC |
|
#include "leakmalloc.h" |
|
#endif |
|
|
#define KEX_COOKIE_LEN 16 |
#define KEX_COOKIE_LEN 16 |
|
|
#define KEX_DH1 "diffie-hellman-group1-sha1" |
#define KEX_DH1 "diffie-hellman-group1-sha1" |
|
|
#define COMP_ZLIB 1 |
#define COMP_ZLIB 1 |
#define COMP_DELAYED 2 |
#define COMP_DELAYED 2 |
|
|
|
#define CURVE25519_SIZE 32 |
|
|
enum kex_init_proposals { |
enum kex_init_proposals { |
PROPOSAL_KEX_ALGS, |
PROPOSAL_KEX_ALGS, |
PROPOSAL_SERVER_HOST_KEY_ALGS, |
PROPOSAL_SERVER_HOST_KEY_ALGS, |
|
|
|
|
#define KEX_INIT_SENT 0x0001 |
#define KEX_INIT_SENT 0x0001 |
|
|
typedef struct kex Kex; |
|
typedef struct sshcomp Comp; |
|
typedef struct sshmac Mac; |
|
typedef struct sshenc Enc; |
|
typedef struct newkeys Newkeys; |
|
|
|
struct sshenc { |
struct sshenc { |
char *name; |
char *name; |
const struct sshcipher *cipher; |
const struct sshcipher *cipher; |
|
|
struct newkeys { |
struct newkeys { |
struct sshenc enc; |
struct sshenc enc; |
struct sshmac mac; |
struct sshmac mac; |
struct sshcomp comp; |
struct sshcomp comp; |
}; |
}; |
|
|
|
struct ssh; |
|
|
struct kex { |
struct kex { |
u_char *session_id; |
u_char *session_id; |
size_t session_id_len; |
size_t session_id_len; |
|
|
int server; |
int server; |
char *name; |
char *name; |
int hostkey_type; |
int hostkey_type; |
int kex_type; |
u_int kex_type; |
int roaming; |
int roaming; |
struct sshbuf *my; |
struct sshbuf *my; |
struct sshbuf *peer; |
struct sshbuf *peer; |
sig_atomic_t done; |
sig_atomic_t done; |
int flags; |
u_int flags; |
int hash_alg; |
int hash_alg; |
int ec_nid; |
int ec_nid; |
char *client_version_string; |
char *client_version_string; |
char *server_version_string; |
char *server_version_string; |
int (*verify_host_key)(Key *); |
int (*verify_host_key)(struct sshkey *, struct ssh *); |
Key *(*load_host_public_key)(int); |
struct sshkey *(*load_host_public_key)(int, struct ssh *); |
Key *(*load_host_private_key)(int); |
struct sshkey *(*load_host_private_key)(int, struct ssh *); |
int (*host_key_index)(Key *); |
int (*host_key_index)(struct sshkey *, struct ssh *); |
void (*sign)(Key *, Key *, u_char **, u_int *, u_char *, u_int); |
int (*sign)(struct sshkey *, struct sshkey *, |
void (*kex[KEX_MAX])(Kex *); |
u_char **, size_t *, u_char *, size_t, u_int); |
|
int (*kex[KEX_MAX])(struct ssh *); |
|
/* kex specific state */ |
|
DH *dh; /* DH */ |
|
u_int min, max, nbits; /* GEX */ |
|
EC_KEY *ec_client_key; /* ECDH */ |
|
const EC_GROUP *ec_group; /* ECDH */ |
|
u_char c25519_client_key[CURVE25519_SIZE]; /* 25519 */ |
|
u_char c25519_client_pubkey[CURVE25519_SIZE]; /* 25519 */ |
}; |
}; |
|
|
int kex_names_valid(const char *); |
int kex_names_valid(const char *); |
char *kex_alg_list(char); |
char *kex_alg_list(char); |
|
|
Kex *kex_setup(char *[PROPOSAL_MAX]); |
int kex_new(struct ssh *, char *[PROPOSAL_MAX], struct kex **); |
void kex_finish(Kex *); |
int kex_setup(struct ssh *, char *[PROPOSAL_MAX]); |
void kex_free_newkeys(struct newkeys *); |
void kex_free_newkeys(struct newkeys *); |
|
void kex_free(struct kex *); |
|
|
void kex_send_kexinit(Kex *); |
int kex_buf2prop(struct sshbuf *, int *, char ***); |
|
int kex_prop2buf(struct sshbuf *, char *proposal[PROPOSAL_MAX]); |
|
void kex_prop_free(char **); |
|
|
|
int kex_send_kexinit(struct ssh *); |
int kex_input_kexinit(int, u_int32_t, void *); |
int kex_input_kexinit(int, u_int32_t, void *); |
void kex_derive_keys(Kex *, u_char *, u_int, const u_char *, u_int); |
int kex_derive_keys(struct ssh *, u_char *, u_int, const struct sshbuf *); |
void kex_derive_keys_bn(Kex *, u_char *, u_int, const BIGNUM *); |
int kex_derive_keys_bn(struct ssh *, u_char *, u_int, const BIGNUM *); |
|
int kex_send_newkeys(struct ssh *); |
|
|
void kexdh_client(Kex *); |
int kexdh_client(struct ssh *); |
void kexdh_server(Kex *); |
int kexdh_server(struct ssh *); |
void kexgex_client(Kex *); |
int kexgex_client(struct ssh *); |
void kexgex_server(Kex *); |
int kexgex_server(struct ssh *); |
void kexecdh_client(Kex *); |
int kexecdh_client(struct ssh *); |
void kexecdh_server(Kex *); |
int kexecdh_server(struct ssh *); |
void kexc25519_client(Kex *); |
int kexc25519_client(struct ssh *); |
void kexc25519_server(Kex *); |
int kexc25519_server(struct ssh *); |
|
|
void |
int kex_dh_hash(const char *, const char *, |
kex_dh_hash(char *, char *, char *, int, char *, int, u_char *, int, |
const u_char *, size_t, const u_char *, size_t, const u_char *, size_t, |
BIGNUM *, BIGNUM *, BIGNUM *, u_char **, u_int *); |
const BIGNUM *, const BIGNUM *, const BIGNUM *, u_char *, size_t *); |
void |
|
kexgex_hash(int, char *, char *, char *, int, char *, |
|
int, u_char *, int, int, int, int, BIGNUM *, BIGNUM *, BIGNUM *, |
|
BIGNUM *, BIGNUM *, u_char **, u_int *); |
|
void |
|
kex_ecdh_hash(int, const EC_GROUP *, char *, char *, char *, int, |
|
char *, int, u_char *, int, const EC_POINT *, const EC_POINT *, |
|
const BIGNUM *, u_char **, u_int *); |
|
void |
|
kex_c25519_hash(int, char *, char *, char *, int, |
|
char *, int, u_char *, int, const u_char *, const u_char *, |
|
const u_char *, u_int, u_char **, u_int *); |
|
|
|
#define CURVE25519_SIZE 32 |
int kexgex_hash(int, const char *, const char *, |
void kexc25519_keygen(u_char[CURVE25519_SIZE], u_char[CURVE25519_SIZE]) |
const u_char *, size_t, const u_char *, size_t, const u_char *, size_t, |
|
int, int, int, |
|
const BIGNUM *, const BIGNUM *, const BIGNUM *, |
|
const BIGNUM *, const BIGNUM *, |
|
u_char *, size_t *); |
|
|
|
int kex_ecdh_hash(int, const EC_GROUP *, const char *, const char *, |
|
const u_char *, size_t, const u_char *, size_t, const u_char *, size_t, |
|
const EC_POINT *, const EC_POINT *, const BIGNUM *, u_char *, size_t *); |
|
|
|
int kex_c25519_hash(int, const char *, const char *, const char *, size_t, |
|
const char *, size_t, const u_char *, size_t, const u_char *, const u_char *, |
|
const u_char *, size_t, u_char *, size_t *); |
|
|
|
void kexc25519_keygen(u_char key[CURVE25519_SIZE], u_char pub[CURVE25519_SIZE]) |
__attribute__((__bounded__(__minbytes__, 1, CURVE25519_SIZE))) |
__attribute__((__bounded__(__minbytes__, 1, CURVE25519_SIZE))) |
__attribute__((__bounded__(__minbytes__, 2, CURVE25519_SIZE))); |
__attribute__((__bounded__(__minbytes__, 2, CURVE25519_SIZE))); |
void kexc25519_shared_key(const u_char key[CURVE25519_SIZE], |
int kexc25519_shared_key(const u_char key[CURVE25519_SIZE], |
const u_char pub[CURVE25519_SIZE], Buffer *out) |
const u_char pub[CURVE25519_SIZE], struct sshbuf *out) |
__attribute__((__bounded__(__minbytes__, 1, CURVE25519_SIZE))) |
__attribute__((__bounded__(__minbytes__, 1, CURVE25519_SIZE))) |
__attribute__((__bounded__(__minbytes__, 2, CURVE25519_SIZE))); |
__attribute__((__bounded__(__minbytes__, 2, CURVE25519_SIZE))); |
|
|
void |
int |
derive_ssh1_session_id(BIGNUM *, BIGNUM *, u_int8_t[8], u_int8_t[16]); |
derive_ssh1_session_id(BIGNUM *, BIGNUM *, u_int8_t[8], u_int8_t[16]); |
|
|
#if defined(DEBUG_KEX) || defined(DEBUG_KEXDH) || defined(DEBUG_KEXECDH) |
#if defined(DEBUG_KEX) || defined(DEBUG_KEXDH) || defined(DEBUG_KEXECDH) |