dropbear: common-kex.c annotate

annotate common-kex.c @ 1902:4a6725ac957c

Revert "Don't include sk keys at all in KEX list" This reverts git commit f972813ecdc7bb981d25b5a63638bd158f1c8e72. The sk algorithms need to remain in the sigalgs list so that they are included in the server-sig-algs ext-info message sent by the server. RFC8308 for server-sig-algs requires that all algorithms are listed (though OpenSSH client 8.4p1 tested doesn't require that)

author	Matt Johnston <matt@ucc.asn.au>
date	Thu, 24 Mar 2022 13:42:08 +0800
parents	3bfacfc996cf
children	8b4274d34fe8

rev	line source
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1 /*
74 e3adf4cf5465 License boilerplate etc, add Mihnea as an author to some of the files Matt Johnston <matt@ucc.asn.au> parents: 36 diff changeset	2 * Dropbear SSH
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	3 *
33 f789045062e6 Progressing client support Matt Johnston <matt@ucc.asn.au> parents: 26 diff changeset	4 * Copyright (c) 2002-2004 Matt Johnston
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	5 * Portions Copyright (c) 2004 by Mihnea Stoenescu
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	6 * All rights reserved.
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	7 *
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	8 * Permission is hereby granted, free of charge, to any person obtaining a copy
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	9 * of this software and associated documentation files (the "Software"), to deal
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	10 * in the Software without restriction, including without limitation the rights
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	11 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	12 * copies of the Software, and to permit persons to whom the Software is
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	13 * furnished to do so, subject to the following conditions:
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	14 *
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	15 * The above copyright notice and this permission notice shall be included in
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	16 * all copies or substantial portions of the Software.
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	17 *
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	18 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	19 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	20 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	21 * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	22 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	23 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	24 * SOFTWARE. */
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	25
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	26 #include "includes.h"
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	27 #include "dbutil.h"
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	28 #include "algo.h"
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	29 #include "buffer.h"
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	30 #include "session.h"
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	31 #include "kex.h"
1224 82e2037d34ea Move dh group constants to a separate file Matt Johnston <matt@ucc.asn.au> parents: 1175 diff changeset	32 #include "dh_groups.h"
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	33 #include "ssh.h"
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	34 #include "packet.h"
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	35 #include "bignum.h"
858 220f55d540ae rename random.h to dbrandom.h since some OSes have a system random.h Matt Johnston <matt@ucc.asn.au> parents: 857 diff changeset	36 #include "dbrandom.h"
575 f9b5dc0cba61 - Disable compression for non-final multihops Matt Johnston <matt@ucc.asn.au> parents: 555 diff changeset	37 #include "runopts.h"
759 76fba0856749 More changes for KEX and ECDH. Set up hash descriptors, make ECC code work, Matt Johnston <matt@ucc.asn.au> parents: 757 diff changeset	38 #include "ecc.h"
1659 d32bcb5c557d Add Ed25519 support (#91) Vladislav Grishenko <themiron@users.noreply.github.com> parents: 1607 diff changeset	39 #include "curve25519.h"
766 d1575fdc29a6 start on ecdsa keys Matt Johnston <matt@ucc.asn.au> parents: 765 diff changeset	40 #include "crypto_desc.h"
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	41
1276 9169e4e7cbee fix empty C prototypes Francois Perrad <francois.perrad@gadz.org> parents: 1251 diff changeset	42 static void kexinitialise(void);
9169e4e7cbee fix empty C prototypes Francois Perrad <francois.perrad@gadz.org> parents: 1251 diff changeset	43 static void gen_new_keys(void);
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	44 #ifndef DISABLE_ZLIB
1276 9169e4e7cbee fix empty C prototypes Francois Perrad <francois.perrad@gadz.org> parents: 1251 diff changeset	45 static void gen_new_zstream_recv(void);
9169e4e7cbee fix empty C prototypes Francois Perrad <francois.perrad@gadz.org> parents: 1251 diff changeset	46 static void gen_new_zstream_trans(void);
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	47 #endif
1276 9169e4e7cbee fix empty C prototypes Francois Perrad <francois.perrad@gadz.org> parents: 1251 diff changeset	48 static void read_kex_algos(void);
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	49 /* helper function for gen_new_keys */
762 a78a38e402d1 - Fix various hardcoded uses of SHA1 Matt Johnston <matt@ucc.asn.au> parents: 761 diff changeset	50 static void hashkeys(unsigned char *out, unsigned int outlen,
a78a38e402d1 - Fix various hardcoded uses of SHA1 Matt Johnston <matt@ucc.asn.au> parents: 761 diff changeset	51 const hash_state * hs, const unsigned char X);
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	52
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	53
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	54 /* Send our list of algorithms we can use */
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	55 void send_msg_kexinit() {
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	56
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	57 CHECKCLEARTOWRITE();
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	58 buf_putbyte(ses.writepayload, SSH_MSG_KEXINIT);
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	59
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	60 /* cookie */
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	61 genrandom(buf_getwriteptr(ses.writepayload, 16), 16);
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	62 buf_incrwritepos(ses.writepayload, 16);
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	63
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	64 /* kex algos */
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	65 buf_put_algolist(ses.writepayload, sshkex);
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	66
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	67 /* server_host_key_algorithms */
1678 4b4cfc92c5b7 Make server send SSH_MSG_EXT_INFO Matt Johnston <matt@ucc.asn.au> parents: 1676 diff changeset	68 buf_put_algolist(ses.writepayload, sigalgs);
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	69
683 63f8d6c469cf ENABLE_USER_ALGO_LIST should work for the client Matt Johnston <matt@ucc.asn.au> parents: 682 diff changeset	70 /* encryption_algorithms_client_to_server */
63f8d6c469cf ENABLE_USER_ALGO_LIST should work for the client Matt Johnston <matt@ucc.asn.au> parents: 682 diff changeset	71 buf_put_algolist(ses.writepayload, sshciphers);
63f8d6c469cf ENABLE_USER_ALGO_LIST should work for the client Matt Johnston <matt@ucc.asn.au> parents: 682 diff changeset	72
63f8d6c469cf ENABLE_USER_ALGO_LIST should work for the client Matt Johnston <matt@ucc.asn.au> parents: 682 diff changeset	73 /* encryption_algorithms_server_to_client */
63f8d6c469cf ENABLE_USER_ALGO_LIST should work for the client Matt Johnston <matt@ucc.asn.au> parents: 682 diff changeset	74 buf_put_algolist(ses.writepayload, sshciphers);
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	75
683 63f8d6c469cf ENABLE_USER_ALGO_LIST should work for the client Matt Johnston <matt@ucc.asn.au> parents: 682 diff changeset	76 /* mac_algorithms_client_to_server */
63f8d6c469cf ENABLE_USER_ALGO_LIST should work for the client Matt Johnston <matt@ucc.asn.au> parents: 682 diff changeset	77 buf_put_algolist(ses.writepayload, sshhashes);
63f8d6c469cf ENABLE_USER_ALGO_LIST should work for the client Matt Johnston <matt@ucc.asn.au> parents: 682 diff changeset	78
63f8d6c469cf ENABLE_USER_ALGO_LIST should work for the client Matt Johnston <matt@ucc.asn.au> parents: 682 diff changeset	79 /* mac_algorithms_server_to_client */
63f8d6c469cf ENABLE_USER_ALGO_LIST should work for the client Matt Johnston <matt@ucc.asn.au> parents: 682 diff changeset	80 buf_put_algolist(ses.writepayload, sshhashes);
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	81
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	82
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	83 /* compression_algorithms_client_to_server */
575 f9b5dc0cba61 - Disable compression for non-final multihops Matt Johnston <matt@ucc.asn.au> parents: 555 diff changeset	84 buf_put_algolist(ses.writepayload, ses.compress_algos);
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	85
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	86 /* compression_algorithms_server_to_client */
575 f9b5dc0cba61 - Disable compression for non-final multihops Matt Johnston <matt@ucc.asn.au> parents: 555 diff changeset	87 buf_put_algolist(ses.writepayload, ses.compress_algos);
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	88
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	89 /* languages_client_to_server */
1122 aaf576b27a10 Merge pull request #13 from gazoo74/fix-warnings Matt Johnston <matt@ucc.asn.au> parents: 1108 diff changeset	90 buf_putstring(ses.writepayload, "", 0);
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	91
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	92 /* languages_server_to_client */
1122 aaf576b27a10 Merge pull request #13 from gazoo74/fix-warnings Matt Johnston <matt@ucc.asn.au> parents: 1108 diff changeset	93 buf_putstring(ses.writepayload, "", 0);
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	94
739 d44325108d0e first_kex_packet_follows working, needs tidying Matt Johnston <matt@ucc.asn.au> parents: 712 diff changeset	95 /* first_kex_packet_follows */
d44325108d0e first_kex_packet_follows working, needs tidying Matt Johnston <matt@ucc.asn.au> parents: 712 diff changeset	96 buf_putbyte(ses.writepayload, (ses.send_kex_first_guess != NULL));
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	97
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	98 /* reserved unit32 */
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	99 buf_putint(ses.writepayload, 0);
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	100
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	101 /* set up transmitted kex packet buffer for hashing.
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	102 * This is freed after the end of the kex */
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	103 ses.transkexinit = buf_newcopy(ses.writepayload);
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	104
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	105 encrypt_packet();
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	106 ses.dataallowed = 0; /* don't send other packets during kex */
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	107
739 d44325108d0e first_kex_packet_follows working, needs tidying Matt Johnston <matt@ucc.asn.au> parents: 712 diff changeset	108 ses.kexstate.sentkexinit = 1;
d44325108d0e first_kex_packet_follows working, needs tidying Matt Johnston <matt@ucc.asn.au> parents: 712 diff changeset	109
d44325108d0e first_kex_packet_follows working, needs tidying Matt Johnston <matt@ucc.asn.au> parents: 712 diff changeset	110 ses.newkeys = (struct key_context*)m_malloc(sizeof(struct key_context));
d44325108d0e first_kex_packet_follows working, needs tidying Matt Johnston <matt@ucc.asn.au> parents: 712 diff changeset	111
d44325108d0e first_kex_packet_follows working, needs tidying Matt Johnston <matt@ucc.asn.au> parents: 712 diff changeset	112 if (ses.send_kex_first_guess) {
1678 4b4cfc92c5b7 Make server send SSH_MSG_EXT_INFO Matt Johnston <matt@ucc.asn.au> parents: 1676 diff changeset	113 ses.newkeys->algo_kex = first_usable_algo(sshkex)->data;
4b4cfc92c5b7 Make server send SSH_MSG_EXT_INFO Matt Johnston <matt@ucc.asn.au> parents: 1676 diff changeset	114 ses.newkeys->algo_signature = first_usable_algo(sigalgs)->val;
1674 ba6fc7afe1c5 use sigtype where appropriate Matt Johnston <matt@ucc.asn.au> parents: 1659 diff changeset	115 ses.newkeys->algo_hostkey = signkey_type_from_signature(ses.newkeys->algo_signature);
739 d44325108d0e first_kex_packet_follows working, needs tidying Matt Johnston <matt@ucc.asn.au> parents: 712 diff changeset	116 ses.send_kex_first_guess();
d44325108d0e first_kex_packet_follows working, needs tidying Matt Johnston <matt@ucc.asn.au> parents: 712 diff changeset	117 }
d44325108d0e first_kex_packet_follows working, needs tidying Matt Johnston <matt@ucc.asn.au> parents: 712 diff changeset	118
165 0cfba3034be5 Fixed DEBUG_TRACE macro so that we don't get semicolons left about the place Matt Johnston <matt@ucc.asn.au> parents: 116 diff changeset	119 TRACE(("DATAALLOWED=0"))
0cfba3034be5 Fixed DEBUG_TRACE macro so that we don't get semicolons left about the place Matt Johnston <matt@ucc.asn.au> parents: 116 diff changeset	120 TRACE(("-> KEXINIT"))
739 d44325108d0e first_kex_packet_follows working, needs tidying Matt Johnston <matt@ucc.asn.au> parents: 712 diff changeset	121
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	122 }
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	123
771 a389a2a7aa96 Fix zlib for split newkeys Matt Johnston <matt@ucc.asn.au> parents: 753 diff changeset	124 static void switch_keys() {
753 d63ef1e211ea Take transmit and receive keys into use separately Matt Johnston <matt@ucc.asn.au> parents: 746 diff changeset	125 TRACE2(("enter switch_keys"))
d63ef1e211ea Take transmit and receive keys into use separately Matt Johnston <matt@ucc.asn.au> parents: 746 diff changeset	126 if (!(ses.kexstate.sentkexinit && ses.kexstate.recvkexinit)) {
d63ef1e211ea Take transmit and receive keys into use separately Matt Johnston <matt@ucc.asn.au> parents: 746 diff changeset	127 dropbear_exit("Unexpected newkeys message");
d63ef1e211ea Take transmit and receive keys into use separately Matt Johnston <matt@ucc.asn.au> parents: 746 diff changeset	128 }
d63ef1e211ea Take transmit and receive keys into use separately Matt Johnston <matt@ucc.asn.au> parents: 746 diff changeset	129
d63ef1e211ea Take transmit and receive keys into use separately Matt Johnston <matt@ucc.asn.au> parents: 746 diff changeset	130 if (!ses.keys) {
d63ef1e211ea Take transmit and receive keys into use separately Matt Johnston <matt@ucc.asn.au> parents: 746 diff changeset	131 ses.keys = m_malloc(sizeof(*ses.newkeys));
d63ef1e211ea Take transmit and receive keys into use separately Matt Johnston <matt@ucc.asn.au> parents: 746 diff changeset	132 }
d63ef1e211ea Take transmit and receive keys into use separately Matt Johnston <matt@ucc.asn.au> parents: 746 diff changeset	133 if (ses.kexstate.recvnewkeys && ses.newkeys->recv.valid) {
d63ef1e211ea Take transmit and receive keys into use separately Matt Johnston <matt@ucc.asn.au> parents: 746 diff changeset	134 TRACE(("switch_keys recv"))
781 f110d321fe7a Fix build when zlib is disabled, from Matt Johnston <matt@ucc.asn.au> parents: 775 diff changeset	135 #ifndef DISABLE_ZLIB
771 a389a2a7aa96 Fix zlib for split newkeys Matt Johnston <matt@ucc.asn.au> parents: 753 diff changeset	136 gen_new_zstream_recv();
781 f110d321fe7a Fix build when zlib is disabled, from Matt Johnston <matt@ucc.asn.au> parents: 775 diff changeset	137 #endif
753 d63ef1e211ea Take transmit and receive keys into use separately Matt Johnston <matt@ucc.asn.au> parents: 746 diff changeset	138 ses.keys->recv = ses.newkeys->recv;
d63ef1e211ea Take transmit and receive keys into use separately Matt Johnston <matt@ucc.asn.au> parents: 746 diff changeset	139 m_burn(&ses.newkeys->recv, sizeof(ses.newkeys->recv));
d63ef1e211ea Take transmit and receive keys into use separately Matt Johnston <matt@ucc.asn.au> parents: 746 diff changeset	140 ses.newkeys->recv.valid = 0;
d63ef1e211ea Take transmit and receive keys into use separately Matt Johnston <matt@ucc.asn.au> parents: 746 diff changeset	141 }
d63ef1e211ea Take transmit and receive keys into use separately Matt Johnston <matt@ucc.asn.au> parents: 746 diff changeset	142 if (ses.kexstate.sentnewkeys && ses.newkeys->trans.valid) {
d63ef1e211ea Take transmit and receive keys into use separately Matt Johnston <matt@ucc.asn.au> parents: 746 diff changeset	143 TRACE(("switch_keys trans"))
781 f110d321fe7a Fix build when zlib is disabled, from Matt Johnston <matt@ucc.asn.au> parents: 775 diff changeset	144 #ifndef DISABLE_ZLIB
771 a389a2a7aa96 Fix zlib for split newkeys Matt Johnston <matt@ucc.asn.au> parents: 753 diff changeset	145 gen_new_zstream_trans();
781 f110d321fe7a Fix build when zlib is disabled, from Matt Johnston <matt@ucc.asn.au> parents: 775 diff changeset	146 #endif
753 d63ef1e211ea Take transmit and receive keys into use separately Matt Johnston <matt@ucc.asn.au> parents: 746 diff changeset	147 ses.keys->trans = ses.newkeys->trans;
d63ef1e211ea Take transmit and receive keys into use separately Matt Johnston <matt@ucc.asn.au> parents: 746 diff changeset	148 m_burn(&ses.newkeys->trans, sizeof(ses.newkeys->trans));
d63ef1e211ea Take transmit and receive keys into use separately Matt Johnston <matt@ucc.asn.au> parents: 746 diff changeset	149 ses.newkeys->trans.valid = 0;
d63ef1e211ea Take transmit and receive keys into use separately Matt Johnston <matt@ucc.asn.au> parents: 746 diff changeset	150 }
d63ef1e211ea Take transmit and receive keys into use separately Matt Johnston <matt@ucc.asn.au> parents: 746 diff changeset	151 if (ses.kexstate.sentnewkeys && ses.kexstate.recvnewkeys)
d63ef1e211ea Take transmit and receive keys into use separately Matt Johnston <matt@ucc.asn.au> parents: 746 diff changeset	152 {
d63ef1e211ea Take transmit and receive keys into use separately Matt Johnston <matt@ucc.asn.au> parents: 746 diff changeset	153 TRACE(("switch_keys done"))
d63ef1e211ea Take transmit and receive keys into use separately Matt Johnston <matt@ucc.asn.au> parents: 746 diff changeset	154 ses.keys->algo_kex = ses.newkeys->algo_kex;
d63ef1e211ea Take transmit and receive keys into use separately Matt Johnston <matt@ucc.asn.au> parents: 746 diff changeset	155 ses.keys->algo_hostkey = ses.newkeys->algo_hostkey;
1674 ba6fc7afe1c5 use sigtype where appropriate Matt Johnston <matt@ucc.asn.au> parents: 1659 diff changeset	156 ses.keys->algo_signature = ses.newkeys->algo_signature;
753 d63ef1e211ea Take transmit and receive keys into use separately Matt Johnston <matt@ucc.asn.au> parents: 746 diff changeset	157 ses.keys->allow_compress = 0;
d63ef1e211ea Take transmit and receive keys into use separately Matt Johnston <matt@ucc.asn.au> parents: 746 diff changeset	158 m_free(ses.newkeys);
d63ef1e211ea Take transmit and receive keys into use separately Matt Johnston <matt@ucc.asn.au> parents: 746 diff changeset	159 ses.newkeys = NULL;
d63ef1e211ea Take transmit and receive keys into use separately Matt Johnston <matt@ucc.asn.au> parents: 746 diff changeset	160 kexinitialise();
d63ef1e211ea Take transmit and receive keys into use separately Matt Johnston <matt@ucc.asn.au> parents: 746 diff changeset	161 }
d63ef1e211ea Take transmit and receive keys into use separately Matt Johnston <matt@ucc.asn.au> parents: 746 diff changeset	162 TRACE2(("leave switch_keys"))
d63ef1e211ea Take transmit and receive keys into use separately Matt Johnston <matt@ucc.asn.au> parents: 746 diff changeset	163 }
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	164
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	165 /* Bring new keys into use after a key exchange, and let the client know*/
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	166 void send_msg_newkeys() {
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	167
165 0cfba3034be5 Fixed DEBUG_TRACE macro so that we don't get semicolons left about the place Matt Johnston <matt@ucc.asn.au> parents: 116 diff changeset	168 TRACE(("enter send_msg_newkeys"))
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	169
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	170 /* generate the kexinit request */
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	171 CHECKCLEARTOWRITE();
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	172 buf_putbyte(ses.writepayload, SSH_MSG_NEWKEYS);
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	173 encrypt_packet();
753 d63ef1e211ea Take transmit and receive keys into use separately Matt Johnston <matt@ucc.asn.au> parents: 746 diff changeset	174
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	175
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	176 /* set up our state */
753 d63ef1e211ea Take transmit and receive keys into use separately Matt Johnston <matt@ucc.asn.au> parents: 746 diff changeset	177 ses.kexstate.sentnewkeys = 1;
1681 435cfb9ec96e send and handle SSH_MSG_EXT_INFO only at the correct point Matt Johnston <matt@ucc.asn.au> parents: 1678 diff changeset	178 if (ses.kexstate.donefirstkex) {
435cfb9ec96e send and handle SSH_MSG_EXT_INFO only at the correct point Matt Johnston <matt@ucc.asn.au> parents: 1678 diff changeset	179 ses.kexstate.donesecondkex = 1;
435cfb9ec96e send and handle SSH_MSG_EXT_INFO only at the correct point Matt Johnston <matt@ucc.asn.au> parents: 1678 diff changeset	180 }
753 d63ef1e211ea Take transmit and receive keys into use separately Matt Johnston <matt@ucc.asn.au> parents: 746 diff changeset	181 ses.kexstate.donefirstkex = 1;
d63ef1e211ea Take transmit and receive keys into use separately Matt Johnston <matt@ucc.asn.au> parents: 746 diff changeset	182 ses.dataallowed = 1; /* we can send other packets again now */
d63ef1e211ea Take transmit and receive keys into use separately Matt Johnston <matt@ucc.asn.au> parents: 746 diff changeset	183 gen_new_keys();
d63ef1e211ea Take transmit and receive keys into use separately Matt Johnston <matt@ucc.asn.au> parents: 746 diff changeset	184 switch_keys();
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	185
165 0cfba3034be5 Fixed DEBUG_TRACE macro so that we don't get semicolons left about the place Matt Johnston <matt@ucc.asn.au> parents: 116 diff changeset	186 TRACE(("leave send_msg_newkeys"))
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	187 }
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	188
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	189 /* Bring the new keys into use after a key exchange */
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	190 void recv_msg_newkeys() {
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	191
165 0cfba3034be5 Fixed DEBUG_TRACE macro so that we don't get semicolons left about the place Matt Johnston <matt@ucc.asn.au> parents: 116 diff changeset	192 TRACE(("enter recv_msg_newkeys"))
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	193
753 d63ef1e211ea Take transmit and receive keys into use separately Matt Johnston <matt@ucc.asn.au> parents: 746 diff changeset	194 ses.kexstate.recvnewkeys = 1;
d63ef1e211ea Take transmit and receive keys into use separately Matt Johnston <matt@ucc.asn.au> parents: 746 diff changeset	195 switch_keys();
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	196
165 0cfba3034be5 Fixed DEBUG_TRACE macro so that we don't get semicolons left about the place Matt Johnston <matt@ucc.asn.au> parents: 116 diff changeset	197 TRACE(("leave recv_msg_newkeys"))
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	198 }
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	199
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	200
33 f789045062e6 Progressing client support Matt Johnston <matt@ucc.asn.au> parents: 26 diff changeset	201 /* Set up the kex for the first time */
f789045062e6 Progressing client support Matt Johnston <matt@ucc.asn.au> parents: 26 diff changeset	202 void kexfirstinitialise() {
996 47643024fc90 Disable non-delayed zlib for server Matt Johnston <matt@ucc.asn.au> parents: 987 diff changeset	203 #ifdef DISABLE_ZLIB
47643024fc90 Disable non-delayed zlib for server Matt Johnston <matt@ucc.asn.au> parents: 987 diff changeset	204 ses.compress_algos = ssh_nocompress;
47643024fc90 Disable non-delayed zlib for server Matt Johnston <matt@ucc.asn.au> parents: 987 diff changeset	205 #else
47643024fc90 Disable non-delayed zlib for server Matt Johnston <matt@ucc.asn.au> parents: 987 diff changeset	206 switch (opts.compress_mode)
47643024fc90 Disable non-delayed zlib for server Matt Johnston <matt@ucc.asn.au> parents: 987 diff changeset	207 {
47643024fc90 Disable non-delayed zlib for server Matt Johnston <matt@ucc.asn.au> parents: 987 diff changeset	208 case DROPBEAR_COMPRESS_DELAYED:
47643024fc90 Disable non-delayed zlib for server Matt Johnston <matt@ucc.asn.au> parents: 987 diff changeset	209 ses.compress_algos = ssh_delaycompress;
47643024fc90 Disable non-delayed zlib for server Matt Johnston <matt@ucc.asn.au> parents: 987 diff changeset	210 break;
47643024fc90 Disable non-delayed zlib for server Matt Johnston <matt@ucc.asn.au> parents: 987 diff changeset	211
47643024fc90 Disable non-delayed zlib for server Matt Johnston <matt@ucc.asn.au> parents: 987 diff changeset	212 case DROPBEAR_COMPRESS_ON:
47643024fc90 Disable non-delayed zlib for server Matt Johnston <matt@ucc.asn.au> parents: 987 diff changeset	213 ses.compress_algos = ssh_compress;
47643024fc90 Disable non-delayed zlib for server Matt Johnston <matt@ucc.asn.au> parents: 987 diff changeset	214 break;
47643024fc90 Disable non-delayed zlib for server Matt Johnston <matt@ucc.asn.au> parents: 987 diff changeset	215
47643024fc90 Disable non-delayed zlib for server Matt Johnston <matt@ucc.asn.au> parents: 987 diff changeset	216 case DROPBEAR_COMPRESS_OFF:
47643024fc90 Disable non-delayed zlib for server Matt Johnston <matt@ucc.asn.au> parents: 987 diff changeset	217 ses.compress_algos = ssh_nocompress;
47643024fc90 Disable non-delayed zlib for server Matt Johnston <matt@ucc.asn.au> parents: 987 diff changeset	218 break;
47643024fc90 Disable non-delayed zlib for server Matt Johnston <matt@ucc.asn.au> parents: 987 diff changeset	219 }
575 f9b5dc0cba61 - Disable compression for non-final multihops Matt Johnston <matt@ucc.asn.au> parents: 555 diff changeset	220 #endif
33 f789045062e6 Progressing client support Matt Johnston <matt@ucc.asn.au> parents: 26 diff changeset	221 kexinitialise();
f789045062e6 Progressing client support Matt Johnston <matt@ucc.asn.au> parents: 26 diff changeset	222 }
f789045062e6 Progressing client support Matt Johnston <matt@ucc.asn.au> parents: 26 diff changeset	223
f789045062e6 Progressing client support Matt Johnston <matt@ucc.asn.au> parents: 26 diff changeset	224 /* Reset the kex state, ready for a new negotiation */
f789045062e6 Progressing client support Matt Johnston <matt@ucc.asn.au> parents: 26 diff changeset	225 static void kexinitialise() {
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	226
165 0cfba3034be5 Fixed DEBUG_TRACE macro so that we don't get semicolons left about the place Matt Johnston <matt@ucc.asn.au> parents: 116 diff changeset	227 TRACE(("kexinitialise()"))
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	228
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	229 /* sent/recv'd MSG_KEXINIT */
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	230 ses.kexstate.sentkexinit = 0;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	231 ses.kexstate.recvkexinit = 0;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	232
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	233 /* sent/recv'd MSG_NEWKEYS */
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	234 ses.kexstate.recvnewkeys = 0;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	235 ses.kexstate.sentnewkeys = 0;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	236
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	237 /* first_packet_follows */
739 d44325108d0e first_kex_packet_follows working, needs tidying Matt Johnston <matt@ucc.asn.au> parents: 712 diff changeset	238 ses.kexstate.them_firstfollows = 0;
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	239
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	240 ses.kexstate.datatrans = 0;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	241 ses.kexstate.datarecv = 0;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	242
739 d44325108d0e first_kex_packet_follows working, needs tidying Matt Johnston <matt@ucc.asn.au> parents: 712 diff changeset	243 ses.kexstate.our_first_follows_matches = 0;
d44325108d0e first_kex_packet_follows working, needs tidying Matt Johnston <matt@ucc.asn.au> parents: 712 diff changeset	244
928 7cd89d4e0335 Add new monotonic_now() wrapper so that timeouts are unaffected by Matt Johnston <matt@ucc.asn.au> parents: 907 diff changeset	245 ses.kexstate.lastkextime = monotonic_now();
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	246
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	247 }
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	248
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	249 /* Helper function for gen_new_keys, creates a hash. It makes a copy of the
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	250 * already initialised hash_state hs, which should already have processed
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	251 * the dh_K and hash, since these are common. X is the letter 'A', 'B' etc.
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	252 * out must have at least min(SHA1_HASH_SIZE, outlen) bytes allocated.
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	253 *
409 0e69e948caba Add comments about requiring keysize <= 2SHA1_HASH_SIZE Matt Johnston <matt@ucc.asn.au>* parents: 257 diff changeset	254 * See Section 7.2 of rfc4253 (ssh transport) for details */
762 a78a38e402d1 - Fix various hardcoded uses of SHA1 Matt Johnston <matt@ucc.asn.au> parents: 761 diff changeset	255 static void hashkeys(unsigned char *out, unsigned int outlen,
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	256 const hash_state * hs, const unsigned char X) {
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	257
793 70625eed40c9 A bit of work on ecdsa for host/auth keys Matt Johnston <matt@ucc.asn.au> parents: 766 diff changeset	258 const struct ltc_hash_descriptor *hash_desc = ses.newkeys->algo_kex->hash_desc;
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	259 hash_state hs2;
762 a78a38e402d1 - Fix various hardcoded uses of SHA1 Matt Johnston <matt@ucc.asn.au> parents: 761 diff changeset	260 unsigned int offset;
855 04ede40a529a - Some fixes for old compilers like tru64 v4 from Daniel Richard G. Matt Johnston <matt@ucc.asn.au> parents: 852 diff changeset	261 unsigned char tmpout[MAX_HASH_SIZE];
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	262
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	263 memcpy(&hs2, hs, sizeof(hash_state));
793 70625eed40c9 A bit of work on ecdsa for host/auth keys Matt Johnston <matt@ucc.asn.au> parents: 766 diff changeset	264 hash_desc->process(&hs2, &X, 1);
70625eed40c9 A bit of work on ecdsa for host/auth keys Matt Johnston <matt@ucc.asn.au> parents: 766 diff changeset	265 hash_desc->process(&hs2, ses.session_id->data, ses.session_id->len);
70625eed40c9 A bit of work on ecdsa for host/auth keys Matt Johnston <matt@ucc.asn.au> parents: 766 diff changeset	266 hash_desc->done(&hs2, tmpout);
70625eed40c9 A bit of work on ecdsa for host/auth keys Matt Johnston <matt@ucc.asn.au> parents: 766 diff changeset	267 memcpy(out, tmpout, MIN(hash_desc->hashsize, outlen));
70625eed40c9 A bit of work on ecdsa for host/auth keys Matt Johnston <matt@ucc.asn.au> parents: 766 diff changeset	268 for (offset = hash_desc->hashsize;
679 03073a27abb3 - Add hmac-sha2-256 and hmac-sha2-512. Needs debugging, seems to be Matt Johnston <matt@ucc.asn.au> parents: 648 diff changeset	269 offset < outlen;
793 70625eed40c9 A bit of work on ecdsa for host/auth keys Matt Johnston <matt@ucc.asn.au> parents: 766 diff changeset	270 offset += hash_desc->hashsize)
679 03073a27abb3 - Add hmac-sha2-256 and hmac-sha2-512. Needs debugging, seems to be Matt Johnston <matt@ucc.asn.au> parents: 648 diff changeset	271 {
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	272 /* need to extend */
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	273 memcpy(&hs2, hs, sizeof(hash_state));
793 70625eed40c9 A bit of work on ecdsa for host/auth keys Matt Johnston <matt@ucc.asn.au> parents: 766 diff changeset	274 hash_desc->process(&hs2, out, offset);
70625eed40c9 A bit of work on ecdsa for host/auth keys Matt Johnston <matt@ucc.asn.au> parents: 766 diff changeset	275 hash_desc->done(&hs2, tmpout);
70625eed40c9 A bit of work on ecdsa for host/auth keys Matt Johnston <matt@ucc.asn.au> parents: 766 diff changeset	276 memcpy(&out[offset], tmpout, MIN(outlen - offset, hash_desc->hashsize));
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	277 }
987 ed85797bbc85 clear hash state memory after use Matt Johnston <matt@ucc.asn.au> parents: 928 diff changeset	278 m_burn(&hs2, sizeof(hash_state));
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	279 }
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	280
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	281 /* Generate the actual encryption/integrity keys, using the results of the
603 3aa74a4d83ae Refer to RFCs rather than drafts, update some section references Matt Johnston <matt@ucc.asn.au> parents: 595 diff changeset	282 * key exchange, as specified in section 7.2 of the transport rfc 4253.
3aa74a4d83ae Refer to RFCs rather than drafts, update some section references Matt Johnston <matt@ucc.asn.au> parents: 595 diff changeset	283 * This occurs after the DH key-exchange.
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	284 *
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	285 * ses.newkeys is the new set of keys which are generated, these are only
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	286 * taken into use after both sides have sent a newkeys message */
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	287
753 d63ef1e211ea Take transmit and receive keys into use separately Matt Johnston <matt@ucc.asn.au> parents: 746 diff changeset	288 static void gen_new_keys() {
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	289
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	290 unsigned char C2S_IV[MAX_IV_LEN];
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	291 unsigned char C2S_key[MAX_KEY_LEN];
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	292 unsigned char S2C_IV[MAX_IV_LEN];
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	293 unsigned char S2C_key[MAX_KEY_LEN];
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	294 /* unsigned char key[MAX_KEY_LEN]; */
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	295 unsigned char trans_IV, trans_key, recv_IV, recv_key;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	296
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	297 hash_state hs;
793 70625eed40c9 A bit of work on ecdsa for host/auth keys Matt Johnston <matt@ucc.asn.au> parents: 766 diff changeset	298 const struct ltc_hash_descriptor *hash_desc = ses.newkeys->algo_kex->hash_desc;
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	299 char mactransletter, macrecvletter; /* Client or server specific */
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	300
165 0cfba3034be5 Fixed DEBUG_TRACE macro so that we don't get semicolons left about the place Matt Johnston <matt@ucc.asn.au> parents: 116 diff changeset	301 TRACE(("enter gen_new_keys"))
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	302 /* the dh_K and hash are the start of all hashes, we make use of that */
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	303
793 70625eed40c9 A bit of work on ecdsa for host/auth keys Matt Johnston <matt@ucc.asn.au> parents: 766 diff changeset	304 hash_desc->init(&hs);
70625eed40c9 A bit of work on ecdsa for host/auth keys Matt Johnston <matt@ucc.asn.au> parents: 766 diff changeset	305 hash_process_mp(hash_desc, &hs, ses.dh_K);
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	306 mp_clear(ses.dh_K);
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	307 m_free(ses.dh_K);
793 70625eed40c9 A bit of work on ecdsa for host/auth keys Matt Johnston <matt@ucc.asn.au> parents: 766 diff changeset	308 hash_desc->process(&hs, ses.hash->data, ses.hash->len);
761 ac2158e3e403 ecc kind of works, needs fixing/testing Matt Johnston <matt@ucc.asn.au> parents: 759 diff changeset	309 buf_burn(ses.hash);
ac2158e3e403 ecc kind of works, needs fixing/testing Matt Johnston <matt@ucc.asn.au> parents: 759 diff changeset	310 buf_free(ses.hash);
ac2158e3e403 ecc kind of works, needs fixing/testing Matt Johnston <matt@ucc.asn.au> parents: 759 diff changeset	311 ses.hash = NULL;
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	312
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	313 if (IS_DROPBEAR_CLIENT) {
1250 2bb4c662d1c2 more hard tab Francois Perrad <francois.perrad@gadz.org> parents: 1175 diff changeset	314 trans_IV = C2S_IV;
2bb4c662d1c2 more hard tab Francois Perrad <francois.perrad@gadz.org> parents: 1175 diff changeset	315 recv_IV = S2C_IV;
2bb4c662d1c2 more hard tab Francois Perrad <francois.perrad@gadz.org> parents: 1175 diff changeset	316 trans_key = C2S_key;
2bb4c662d1c2 more hard tab Francois Perrad <francois.perrad@gadz.org> parents: 1175 diff changeset	317 recv_key = S2C_key;
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	318 mactransletter = 'E';
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	319 macrecvletter = 'F';
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	320 } else {
1250 2bb4c662d1c2 more hard tab Francois Perrad <francois.perrad@gadz.org> parents: 1175 diff changeset	321 trans_IV = S2C_IV;
2bb4c662d1c2 more hard tab Francois Perrad <francois.perrad@gadz.org> parents: 1175 diff changeset	322 recv_IV = C2S_IV;
2bb4c662d1c2 more hard tab Francois Perrad <francois.perrad@gadz.org> parents: 1175 diff changeset	323 trans_key = S2C_key;
2bb4c662d1c2 more hard tab Francois Perrad <francois.perrad@gadz.org> parents: 1175 diff changeset	324 recv_key = C2S_key;
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	325 mactransletter = 'F';
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	326 macrecvletter = 'E';
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	327 }
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	328
762 a78a38e402d1 - Fix various hardcoded uses of SHA1 Matt Johnston <matt@ucc.asn.au> parents: 761 diff changeset	329 hashkeys(C2S_IV, sizeof(C2S_IV), &hs, 'A');
a78a38e402d1 - Fix various hardcoded uses of SHA1 Matt Johnston <matt@ucc.asn.au> parents: 761 diff changeset	330 hashkeys(S2C_IV, sizeof(S2C_IV), &hs, 'B');
a78a38e402d1 - Fix various hardcoded uses of SHA1 Matt Johnston <matt@ucc.asn.au> parents: 761 diff changeset	331 hashkeys(C2S_key, sizeof(C2S_key), &hs, 'C');
a78a38e402d1 - Fix various hardcoded uses of SHA1 Matt Johnston <matt@ucc.asn.au> parents: 761 diff changeset	332 hashkeys(S2C_key, sizeof(S2C_key), &hs, 'D');
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	333
681 a4b7627b3157 Update insecure-nocrypto to current head Matt Johnston <matt@ucc.asn.au> parents: 679 512 diff changeset	334 if (ses.newkeys->recv.algo_crypt->cipherdesc != NULL) {
1672 3a97f14c0235 Add Chacha20-Poly1305, AES128-GCM and AES256-GCM support (#93) Vladislav Grishenko <themiron@users.noreply.github.com> parents: 1659 diff changeset	335 int recv_cipher = -1;
3a97f14c0235 Add Chacha20-Poly1305, AES128-GCM and AES256-GCM support (#93) Vladislav Grishenko <themiron@users.noreply.github.com> parents: 1659 diff changeset	336 if (ses.newkeys->recv.algo_crypt->cipherdesc->name != NULL) {
3a97f14c0235 Add Chacha20-Poly1305, AES128-GCM and AES256-GCM support (#93) Vladislav Grishenko <themiron@users.noreply.github.com> parents: 1659 diff changeset	337 recv_cipher = find_cipher(ses.newkeys->recv.algo_crypt->cipherdesc->name);
1700 56f636f84bf5 Fix indentation and add braces Matt Johnston <matt@ucc.asn.au> parents: 1692 diff changeset	338 if (recv_cipher < 0) {
56f636f84bf5 Fix indentation and add braces Matt Johnston <matt@ucc.asn.au> parents: 1692 diff changeset	339 dropbear_exit("Crypto error");
56f636f84bf5 Fix indentation and add braces Matt Johnston <matt@ucc.asn.au> parents: 1692 diff changeset	340 }
1672 3a97f14c0235 Add Chacha20-Poly1305, AES128-GCM and AES256-GCM support (#93) Vladislav Grishenko <themiron@users.noreply.github.com> parents: 1659 diff changeset	341 }
681 a4b7627b3157 Update insecure-nocrypto to current head Matt Johnston <matt@ucc.asn.au> parents: 679 512 diff changeset	342 if (ses.newkeys->recv.crypt_mode->start(recv_cipher,
252 29afa62b5450 - a hack for grahame to run dropbear with "none" cipher. Matt Johnston <matt@ucc.asn.au> parents: 228 diff changeset	343 recv_IV, recv_key,
681 a4b7627b3157 Update insecure-nocrypto to current head Matt Johnston <matt@ucc.asn.au> parents: 679 512 diff changeset	344 ses.newkeys->recv.algo_crypt->keysize, 0,
a4b7627b3157 Update insecure-nocrypto to current head Matt Johnston <matt@ucc.asn.au> parents: 679 512 diff changeset	345 &ses.newkeys->recv.cipher_state) != CRYPT_OK) {
a4b7627b3157 Update insecure-nocrypto to current head Matt Johnston <matt@ucc.asn.au> parents: 679 512 diff changeset	346 dropbear_exit("Crypto error");
252 29afa62b5450 - a hack for grahame to run dropbear with "none" cipher. Matt Johnston <matt@ucc.asn.au> parents: 228 diff changeset	347 }
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	348 }
502 43bbe17d6ba0 - Add Counter Mode support Matt Johnston <matt@ucc.asn.au> parents: 501 diff changeset	349
681 a4b7627b3157 Update insecure-nocrypto to current head Matt Johnston <matt@ucc.asn.au> parents: 679 512 diff changeset	350 if (ses.newkeys->trans.algo_crypt->cipherdesc != NULL) {
1672 3a97f14c0235 Add Chacha20-Poly1305, AES128-GCM and AES256-GCM support (#93) Vladislav Grishenko <themiron@users.noreply.github.com> parents: 1659 diff changeset	351 int trans_cipher = -1;
3a97f14c0235 Add Chacha20-Poly1305, AES128-GCM and AES256-GCM support (#93) Vladislav Grishenko <themiron@users.noreply.github.com> parents: 1659 diff changeset	352 if (ses.newkeys->trans.algo_crypt->cipherdesc->name != NULL) {
3a97f14c0235 Add Chacha20-Poly1305, AES128-GCM and AES256-GCM support (#93) Vladislav Grishenko <themiron@users.noreply.github.com> parents: 1659 diff changeset	353 trans_cipher = find_cipher(ses.newkeys->trans.algo_crypt->cipherdesc->name);
1700 56f636f84bf5 Fix indentation and add braces Matt Johnston <matt@ucc.asn.au> parents: 1692 diff changeset	354 if (trans_cipher < 0) {
56f636f84bf5 Fix indentation and add braces Matt Johnston <matt@ucc.asn.au> parents: 1692 diff changeset	355 dropbear_exit("Crypto error");
56f636f84bf5 Fix indentation and add braces Matt Johnston <matt@ucc.asn.au> parents: 1692 diff changeset	356 }
1672 3a97f14c0235 Add Chacha20-Poly1305, AES128-GCM and AES256-GCM support (#93) Vladislav Grishenko <themiron@users.noreply.github.com> parents: 1659 diff changeset	357 }
681 a4b7627b3157 Update insecure-nocrypto to current head Matt Johnston <matt@ucc.asn.au> parents: 679 512 diff changeset	358 if (ses.newkeys->trans.crypt_mode->start(trans_cipher,
252 29afa62b5450 - a hack for grahame to run dropbear with "none" cipher. Matt Johnston <matt@ucc.asn.au> parents: 228 diff changeset	359 trans_IV, trans_key,
681 a4b7627b3157 Update insecure-nocrypto to current head Matt Johnston <matt@ucc.asn.au> parents: 679 512 diff changeset	360 ses.newkeys->trans.algo_crypt->keysize, 0,
a4b7627b3157 Update insecure-nocrypto to current head Matt Johnston <matt@ucc.asn.au> parents: 679 512 diff changeset	361 &ses.newkeys->trans.cipher_state) != CRYPT_OK) {
a4b7627b3157 Update insecure-nocrypto to current head Matt Johnston <matt@ucc.asn.au> parents: 679 512 diff changeset	362 dropbear_exit("Crypto error");
252 29afa62b5450 - a hack for grahame to run dropbear with "none" cipher. Matt Johnston <matt@ucc.asn.au> parents: 228 diff changeset	363 }
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	364 }
512 0129fd8ccc71 Update nocrypto branch to current head Matt Johnston <matt@ucc.asn.au> parents: 511 diff changeset	365
793 70625eed40c9 A bit of work on ecdsa for host/auth keys Matt Johnston <matt@ucc.asn.au> parents: 766 diff changeset	366 if (ses.newkeys->trans.algo_mac->hash_desc != NULL) {
681 a4b7627b3157 Update insecure-nocrypto to current head Matt Johnston <matt@ucc.asn.au> parents: 679 512 diff changeset	367 hashkeys(ses.newkeys->trans.mackey,
a4b7627b3157 Update insecure-nocrypto to current head Matt Johnston <matt@ucc.asn.au> parents: 679 512 diff changeset	368 ses.newkeys->trans.algo_mac->keysize, &hs, mactransletter);
793 70625eed40c9 A bit of work on ecdsa for host/auth keys Matt Johnston <matt@ucc.asn.au> parents: 766 diff changeset	369 ses.newkeys->trans.hash_index = find_hash(ses.newkeys->trans.algo_mac->hash_desc->name);
252 29afa62b5450 - a hack for grahame to run dropbear with "none" cipher. Matt Johnston <matt@ucc.asn.au> parents: 228 diff changeset	370 }
712 bf0ac0512ef7 Fix "-m none" case and ugly typo Matt Johnston <matt@ucc.asn.au> parents: 684 diff changeset	371
793 70625eed40c9 A bit of work on ecdsa for host/auth keys Matt Johnston <matt@ucc.asn.au> parents: 766 diff changeset	372 if (ses.newkeys->recv.algo_mac->hash_desc != NULL) {
681 a4b7627b3157 Update insecure-nocrypto to current head Matt Johnston <matt@ucc.asn.au> parents: 679 512 diff changeset	373 hashkeys(ses.newkeys->recv.mackey,
a4b7627b3157 Update insecure-nocrypto to current head Matt Johnston <matt@ucc.asn.au> parents: 679 512 diff changeset	374 ses.newkeys->recv.algo_mac->keysize, &hs, macrecvletter);
793 70625eed40c9 A bit of work on ecdsa for host/auth keys Matt Johnston <matt@ucc.asn.au> parents: 766 diff changeset	375 ses.newkeys->recv.hash_index = find_hash(ses.newkeys->recv.algo_mac->hash_desc->name);
252 29afa62b5450 - a hack for grahame to run dropbear with "none" cipher. Matt Johnston <matt@ucc.asn.au> parents: 228 diff changeset	376 }
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	377
753 d63ef1e211ea Take transmit and receive keys into use separately Matt Johnston <matt@ucc.asn.au> parents: 746 diff changeset	378 /* Ready to switch over */
d63ef1e211ea Take transmit and receive keys into use separately Matt Johnston <matt@ucc.asn.au> parents: 746 diff changeset	379 ses.newkeys->trans.valid = 1;
d63ef1e211ea Take transmit and receive keys into use separately Matt Johnston <matt@ucc.asn.au> parents: 746 diff changeset	380 ses.newkeys->recv.valid = 1;
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	381
648 4222a1039b06 Clear a few buffers when possible Matt Johnston <matt@ucc.asn.au> parents: 603 diff changeset	382 m_burn(C2S_IV, sizeof(C2S_IV));
4222a1039b06 Clear a few buffers when possible Matt Johnston <matt@ucc.asn.au> parents: 603 diff changeset	383 m_burn(C2S_key, sizeof(C2S_key));
4222a1039b06 Clear a few buffers when possible Matt Johnston <matt@ucc.asn.au> parents: 603 diff changeset	384 m_burn(S2C_IV, sizeof(S2C_IV));
4222a1039b06 Clear a few buffers when possible Matt Johnston <matt@ucc.asn.au> parents: 603 diff changeset	385 m_burn(S2C_key, sizeof(S2C_key));
987 ed85797bbc85 clear hash state memory after use Matt Johnston <matt@ucc.asn.au> parents: 928 diff changeset	386 m_burn(&hs, sizeof(hash_state));
648 4222a1039b06 Clear a few buffers when possible Matt Johnston <matt@ucc.asn.au> parents: 603 diff changeset	387
165 0cfba3034be5 Fixed DEBUG_TRACE macro so that we don't get semicolons left about the place Matt Johnston <matt@ucc.asn.au> parents: 116 diff changeset	388 TRACE(("leave gen_new_keys"))
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	389 }
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	390
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	391 #ifndef DISABLE_ZLIB
501 d58c478bd399 Add support for [email protected] delayed compression. Matt Johnston <matt@ucc.asn.au> parents: 454 diff changeset	392
d58c478bd399 Add support for [email protected] delayed compression. Matt Johnston <matt@ucc.asn.au> parents: 454 diff changeset	393 int is_compress_trans() {
534 0431915df79f - Get rid of decryptreadbuf, just decrypt in-place with readbuf Matt Johnston <matt@ucc.asn.au> parents: 502 diff changeset	394 return ses.keys->trans.algo_comp == DROPBEAR_COMP_ZLIB
501 d58c478bd399 Add support for [email protected] delayed compression. Matt Johnston <matt@ucc.asn.au> parents: 454 diff changeset	395 \|\| (ses.authstate.authdone
534 0431915df79f - Get rid of decryptreadbuf, just decrypt in-place with readbuf Matt Johnston <matt@ucc.asn.au> parents: 502 diff changeset	396 && ses.keys->trans.algo_comp == DROPBEAR_COMP_ZLIB_DELAY);
501 d58c478bd399 Add support for [email protected] delayed compression. Matt Johnston <matt@ucc.asn.au> parents: 454 diff changeset	397 }
d58c478bd399 Add support for [email protected] delayed compression. Matt Johnston <matt@ucc.asn.au> parents: 454 diff changeset	398
d58c478bd399 Add support for [email protected] delayed compression. Matt Johnston <matt@ucc.asn.au> parents: 454 diff changeset	399 int is_compress_recv() {
534 0431915df79f - Get rid of decryptreadbuf, just decrypt in-place with readbuf Matt Johnston <matt@ucc.asn.au> parents: 502 diff changeset	400 return ses.keys->recv.algo_comp == DROPBEAR_COMP_ZLIB
501 d58c478bd399 Add support for [email protected] delayed compression. Matt Johnston <matt@ucc.asn.au> parents: 454 diff changeset	401 \|\| (ses.authstate.authdone
534 0431915df79f - Get rid of decryptreadbuf, just decrypt in-place with readbuf Matt Johnston <matt@ucc.asn.au> parents: 502 diff changeset	402 && ses.keys->recv.algo_comp == DROPBEAR_COMP_ZLIB_DELAY);
501 d58c478bd399 Add support for [email protected] delayed compression. Matt Johnston <matt@ucc.asn.au> parents: 454 diff changeset	403 }
d58c478bd399 Add support for [email protected] delayed compression. Matt Johnston <matt@ucc.asn.au> parents: 454 diff changeset	404
1365 9aa6cd66b51d zlib can use m_malloc/m_free too Matt Johnston <matt@ucc.asn.au> parents: 1358 diff changeset	405 static void* dropbear_zalloc(void* UNUSED(opaque), uInt items, uInt size) {
9aa6cd66b51d zlib can use m_malloc/m_free too Matt Johnston <matt@ucc.asn.au> parents: 1358 diff changeset	406 return m_calloc(items, size);
9aa6cd66b51d zlib can use m_malloc/m_free too Matt Johnston <matt@ucc.asn.au> parents: 1358 diff changeset	407 }
9aa6cd66b51d zlib can use m_malloc/m_free too Matt Johnston <matt@ucc.asn.au> parents: 1358 diff changeset	408
9aa6cd66b51d zlib can use m_malloc/m_free too Matt Johnston <matt@ucc.asn.au> parents: 1358 diff changeset	409 static void dropbear_zfree(void* UNUSED(opaque), void* ptr) {
9aa6cd66b51d zlib can use m_malloc/m_free too Matt Johnston <matt@ucc.asn.au> parents: 1358 diff changeset	410 m_free(ptr);
9aa6cd66b51d zlib can use m_malloc/m_free too Matt Johnston <matt@ucc.asn.au> parents: 1358 diff changeset	411 }
9aa6cd66b51d zlib can use m_malloc/m_free too Matt Johnston <matt@ucc.asn.au> parents: 1358 diff changeset	412
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	413 /* Set up new zlib compression streams, close the old ones. Only
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	414 * called from gen_new_keys() */
771 a389a2a7aa96 Fix zlib for split newkeys Matt Johnston <matt@ucc.asn.au> parents: 753 diff changeset	415 static void gen_new_zstream_recv() {
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	416
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	417 /* create new zstreams */
534 0431915df79f - Get rid of decryptreadbuf, just decrypt in-place with readbuf Matt Johnston <matt@ucc.asn.au> parents: 502 diff changeset	418 if (ses.newkeys->recv.algo_comp == DROPBEAR_COMP_ZLIB
0431915df79f - Get rid of decryptreadbuf, just decrypt in-place with readbuf Matt Johnston <matt@ucc.asn.au> parents: 502 diff changeset	419 \|\| ses.newkeys->recv.algo_comp == DROPBEAR_COMP_ZLIB_DELAY) {
0431915df79f - Get rid of decryptreadbuf, just decrypt in-place with readbuf Matt Johnston <matt@ucc.asn.au> parents: 502 diff changeset	420 ses.newkeys->recv.zstream = (z_streamp)m_malloc(sizeof(z_stream));
1365 9aa6cd66b51d zlib can use m_malloc/m_free too Matt Johnston <matt@ucc.asn.au> parents: 1358 diff changeset	421 ses.newkeys->recv.zstream->zalloc = dropbear_zalloc;
9aa6cd66b51d zlib can use m_malloc/m_free too Matt Johnston <matt@ucc.asn.au> parents: 1358 diff changeset	422 ses.newkeys->recv.zstream->zfree = dropbear_zfree;
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	423
534 0431915df79f - Get rid of decryptreadbuf, just decrypt in-place with readbuf Matt Johnston <matt@ucc.asn.au> parents: 502 diff changeset	424 if (inflateInit(ses.newkeys->recv.zstream) != Z_OK) {
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	425 dropbear_exit("zlib error");
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	426 }
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	427 } else {
534 0431915df79f - Get rid of decryptreadbuf, just decrypt in-place with readbuf Matt Johnston <matt@ucc.asn.au> parents: 502 diff changeset	428 ses.newkeys->recv.zstream = NULL;
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	429 }
771 a389a2a7aa96 Fix zlib for split newkeys Matt Johnston <matt@ucc.asn.au> parents: 753 diff changeset	430 /* clean up old keys */
a389a2a7aa96 Fix zlib for split newkeys Matt Johnston <matt@ucc.asn.au> parents: 753 diff changeset	431 if (ses.keys->recv.zstream != NULL) {
a389a2a7aa96 Fix zlib for split newkeys Matt Johnston <matt@ucc.asn.au> parents: 753 diff changeset	432 if (inflateEnd(ses.keys->recv.zstream) == Z_STREAM_ERROR) {
a389a2a7aa96 Fix zlib for split newkeys Matt Johnston <matt@ucc.asn.au> parents: 753 diff changeset	433 /* Z_DATA_ERROR is ok, just means that stream isn't ended */
a389a2a7aa96 Fix zlib for split newkeys Matt Johnston <matt@ucc.asn.au> parents: 753 diff changeset	434 dropbear_exit("Crypto error");
a389a2a7aa96 Fix zlib for split newkeys Matt Johnston <matt@ucc.asn.au> parents: 753 diff changeset	435 }
a389a2a7aa96 Fix zlib for split newkeys Matt Johnston <matt@ucc.asn.au> parents: 753 diff changeset	436 m_free(ses.keys->recv.zstream);
a389a2a7aa96 Fix zlib for split newkeys Matt Johnston <matt@ucc.asn.au> parents: 753 diff changeset	437 }
a389a2a7aa96 Fix zlib for split newkeys Matt Johnston <matt@ucc.asn.au> parents: 753 diff changeset	438 }
a389a2a7aa96 Fix zlib for split newkeys Matt Johnston <matt@ucc.asn.au> parents: 753 diff changeset	439
a389a2a7aa96 Fix zlib for split newkeys Matt Johnston <matt@ucc.asn.au> parents: 753 diff changeset	440 static void gen_new_zstream_trans() {
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	441
534 0431915df79f - Get rid of decryptreadbuf, just decrypt in-place with readbuf Matt Johnston <matt@ucc.asn.au> parents: 502 diff changeset	442 if (ses.newkeys->trans.algo_comp == DROPBEAR_COMP_ZLIB
0431915df79f - Get rid of decryptreadbuf, just decrypt in-place with readbuf Matt Johnston <matt@ucc.asn.au> parents: 502 diff changeset	443 \|\| ses.newkeys->trans.algo_comp == DROPBEAR_COMP_ZLIB_DELAY) {
0431915df79f - Get rid of decryptreadbuf, just decrypt in-place with readbuf Matt Johnston <matt@ucc.asn.au> parents: 502 diff changeset	444 ses.newkeys->trans.zstream = (z_streamp)m_malloc(sizeof(z_stream));
1365 9aa6cd66b51d zlib can use m_malloc/m_free too Matt Johnston <matt@ucc.asn.au> parents: 1358 diff changeset	445 ses.newkeys->trans.zstream->zalloc = dropbear_zalloc;
9aa6cd66b51d zlib can use m_malloc/m_free too Matt Johnston <matt@ucc.asn.au> parents: 1358 diff changeset	446 ses.newkeys->trans.zstream->zfree = dropbear_zfree;
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	447
555 daf52f813328 - Add option to change zlib windowBits/memLevel Matt Johnston <matt@ucc.asn.au> parents: 534 diff changeset	448 if (deflateInit2(ses.newkeys->trans.zstream, Z_DEFAULT_COMPRESSION,
daf52f813328 - Add option to change zlib windowBits/memLevel Matt Johnston <matt@ucc.asn.au> parents: 534 diff changeset	449 Z_DEFLATED, DROPBEAR_ZLIB_WINDOW_BITS,
daf52f813328 - Add option to change zlib windowBits/memLevel Matt Johnston <matt@ucc.asn.au> parents: 534 diff changeset	450 DROPBEAR_ZLIB_MEM_LEVEL, Z_DEFAULT_STRATEGY)
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	451 != Z_OK) {
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	452 dropbear_exit("zlib error");
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	453 }
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	454 } else {
534 0431915df79f - Get rid of decryptreadbuf, just decrypt in-place with readbuf Matt Johnston <matt@ucc.asn.au> parents: 502 diff changeset	455 ses.newkeys->trans.zstream = NULL;
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	456 }
501 d58c478bd399 Add support for [email protected] delayed compression. Matt Johnston <matt@ucc.asn.au> parents: 454 diff changeset	457
534 0431915df79f - Get rid of decryptreadbuf, just decrypt in-place with readbuf Matt Johnston <matt@ucc.asn.au> parents: 502 diff changeset	458 if (ses.keys->trans.zstream != NULL) {
0431915df79f - Get rid of decryptreadbuf, just decrypt in-place with readbuf Matt Johnston <matt@ucc.asn.au> parents: 502 diff changeset	459 if (deflateEnd(ses.keys->trans.zstream) == Z_STREAM_ERROR) {
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	460 /* Z_DATA_ERROR is ok, just means that stream isn't ended */
594 a98a2138364a Improve capitalisation for all logged strings Matt Johnston <matt@ucc.asn.au> parents: 575 diff changeset	461 dropbear_exit("Crypto error");
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	462 }
534 0431915df79f - Get rid of decryptreadbuf, just decrypt in-place with readbuf Matt Johnston <matt@ucc.asn.au> parents: 502 diff changeset	463 m_free(ses.keys->trans.zstream);
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	464 }
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	465 }
501 d58c478bd399 Add support for [email protected] delayed compression. Matt Johnston <matt@ucc.asn.au> parents: 454 diff changeset	466 #endif /* DISABLE_ZLIB */
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	467
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	468
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	469 /* Executed upon receiving a kexinit message from the client to initiate
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	470 * key exchange. If we haven't already done so, we send the list of our
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	471 * preferred algorithms. The client's requested algorithms are processed,
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	472 * and we calculate the first portion of the key-exchange-hash for used
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	473 * later in the key exchange. No response is sent, as the client should
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	474 * initiate the diffie-hellman key exchange */
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	475 void recv_msg_kexinit() {
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	476
257 63601217f5ab * options.h, common-kex.c: fix support of 4096 byte host keys Matt Johnston <matt@ucc.asn.au> parents: 228 diff changeset	477 unsigned int kexhashbuf_len = 0;
63601217f5ab * options.h, common-kex.c: fix support of 4096 byte host keys Matt Johnston <matt@ucc.asn.au> parents: 228 diff changeset	478 unsigned int remote_ident_len = 0;
63601217f5ab * options.h, common-kex.c: fix support of 4096 byte host keys Matt Johnston <matt@ucc.asn.au> parents: 228 diff changeset	479 unsigned int local_ident_len = 0;
63601217f5ab * options.h, common-kex.c: fix support of 4096 byte host keys Matt Johnston <matt@ucc.asn.au> parents: 228 diff changeset	480
165 0cfba3034be5 Fixed DEBUG_TRACE macro so that we don't get semicolons left about the place Matt Johnston <matt@ucc.asn.au> parents: 116 diff changeset	481 TRACE(("<- KEXINIT"))
0cfba3034be5 Fixed DEBUG_TRACE macro so that we don't get semicolons left about the place Matt Johnston <matt@ucc.asn.au> parents: 116 diff changeset	482 TRACE(("enter recv_msg_kexinit"))
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	483
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	484 if (!ses.kexstate.sentkexinit) {
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	485 /* we need to send a kex packet */
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	486 send_msg_kexinit();
165 0cfba3034be5 Fixed DEBUG_TRACE macro so that we don't get semicolons left about the place Matt Johnston <matt@ucc.asn.au> parents: 116 diff changeset	487 TRACE(("continue recv_msg_kexinit: sent kexinit"))
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	488 }
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	489
1743 7d8462677355 Disallow extra kexinit messages Matt Johnston <matt@ucc.asn.au> parents: 1702 diff changeset	490 /* "Once a party has sent a SSH_MSG_KEXINIT message ...
7d8462677355 Disallow extra kexinit messages Matt Johnston <matt@ucc.asn.au> parents: 1702 diff changeset	491 further SSH_MSG_KEXINIT messages MUST NOT be sent" */
7d8462677355 Disallow extra kexinit messages Matt Johnston <matt@ucc.asn.au> parents: 1702 diff changeset	492 if (ses.kexstate.recvkexinit) {
7d8462677355 Disallow extra kexinit messages Matt Johnston <matt@ucc.asn.au> parents: 1702 diff changeset	493 dropbear_exit("Unexpected KEXINIT");
7d8462677355 Disallow extra kexinit messages Matt Johnston <matt@ucc.asn.au> parents: 1702 diff changeset	494 }
7d8462677355 Disallow extra kexinit messages Matt Johnston <matt@ucc.asn.au> parents: 1702 diff changeset	495
257 63601217f5ab * options.h, common-kex.c: fix support of 4096 byte host keys Matt Johnston <matt@ucc.asn.au> parents: 228 diff changeset	496 /* start the kex hash */
63601217f5ab * options.h, common-kex.c: fix support of 4096 byte host keys Matt Johnston <matt@ucc.asn.au> parents: 228 diff changeset	497 local_ident_len = strlen(LOCAL_IDENT);
1108 2ebf450edc2d Turn sshsession's remoteident attribute into char * Gaël PORTAY <gael.portay@gmail.com> parents: 1094 diff changeset	498 remote_ident_len = strlen(ses.remoteident);
257 63601217f5ab * options.h, common-kex.c: fix support of 4096 byte host keys Matt Johnston <matt@ucc.asn.au> parents: 228 diff changeset	499
63601217f5ab * options.h, common-kex.c: fix support of 4096 byte host keys Matt Johnston <matt@ucc.asn.au> parents: 228 diff changeset	500 kexhashbuf_len = local_ident_len + remote_ident_len
63601217f5ab * options.h, common-kex.c: fix support of 4096 byte host keys Matt Johnston <matt@ucc.asn.au> parents: 228 diff changeset	501 + ses.transkexinit->len + ses.payload->len
63601217f5ab * options.h, common-kex.c: fix support of 4096 byte host keys Matt Johnston <matt@ucc.asn.au> parents: 228 diff changeset	502 + KEXHASHBUF_MAX_INTS;
63601217f5ab * options.h, common-kex.c: fix support of 4096 byte host keys Matt Johnston <matt@ucc.asn.au> parents: 228 diff changeset	503
63601217f5ab * options.h, common-kex.c: fix support of 4096 byte host keys Matt Johnston <matt@ucc.asn.au> parents: 228 diff changeset	504 ses.kexhashbuf = buf_new(kexhashbuf_len);
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	505
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	506 if (IS_DROPBEAR_CLIENT) {
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	507
26 0969767bca0d snapshot of stuff Matt Johnston <matt@ucc.asn.au> parents: 22 diff changeset	508 /* read the peer's choice of algos */
33 f789045062e6 Progressing client support Matt Johnston <matt@ucc.asn.au> parents: 26 diff changeset	509 read_kex_algos();
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	510
26 0969767bca0d snapshot of stuff Matt Johnston <matt@ucc.asn.au> parents: 22 diff changeset	511 /* V_C, the client's version string (CR and NL excluded) */
1250 2bb4c662d1c2 more hard tab Francois Perrad <francois.perrad@gadz.org> parents: 1175 diff changeset	512 buf_putstring(ses.kexhashbuf, LOCAL_IDENT, local_ident_len);
26 0969767bca0d snapshot of stuff Matt Johnston <matt@ucc.asn.au> parents: 22 diff changeset	513 /* V_S, the server's version string (CR and NL excluded) */
1250 2bb4c662d1c2 more hard tab Francois Perrad <francois.perrad@gadz.org> parents: 1175 diff changeset	514 buf_putstring(ses.kexhashbuf, ses.remoteident, remote_ident_len);
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	515
26 0969767bca0d snapshot of stuff Matt Johnston <matt@ucc.asn.au> parents: 22 diff changeset	516 /* I_C, the payload of the client's SSH_MSG_KEXINIT */
1250 2bb4c662d1c2 more hard tab Francois Perrad <francois.perrad@gadz.org> parents: 1175 diff changeset	517 buf_putstring(ses.kexhashbuf,
1122 aaf576b27a10 Merge pull request #13 from gazoo74/fix-warnings Matt Johnston <matt@ucc.asn.au> parents: 1108 diff changeset	518 (const char*)ses.transkexinit->data, ses.transkexinit->len);
26 0969767bca0d snapshot of stuff Matt Johnston <matt@ucc.asn.au> parents: 22 diff changeset	519 /* I_S, the payload of the server's SSH_MSG_KEXINIT */
1250 2bb4c662d1c2 more hard tab Francois Perrad <francois.perrad@gadz.org> parents: 1175 diff changeset	520 buf_setpos(ses.payload, ses.payload_beginning);
2bb4c662d1c2 more hard tab Francois Perrad <francois.perrad@gadz.org> parents: 1175 diff changeset	521 buf_putstring(ses.kexhashbuf,
2bb4c662d1c2 more hard tab Francois Perrad <francois.perrad@gadz.org> parents: 1175 diff changeset	522 (const char*)buf_getptr(ses.payload, ses.payload->len-ses.payload->pos),
2bb4c662d1c2 more hard tab Francois Perrad <francois.perrad@gadz.org> parents: 1175 diff changeset	523 ses.payload->len-ses.payload->pos);
886 cbc73a5aefb0 requirenext doesn't need two values Matt Johnston <matt@ucc.asn.au> parents: 885 diff changeset	524 ses.requirenext = SSH_MSG_KEXDH_REPLY;
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	525 } else {
26 0969767bca0d snapshot of stuff Matt Johnston <matt@ucc.asn.au> parents: 22 diff changeset	526 /* SERVER */
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	527
26 0969767bca0d snapshot of stuff Matt Johnston <matt@ucc.asn.au> parents: 22 diff changeset	528 /* read the peer's choice of algos */
33 f789045062e6 Progressing client support Matt Johnston <matt@ucc.asn.au> parents: 26 diff changeset	529 read_kex_algos();
26 0969767bca0d snapshot of stuff Matt Johnston <matt@ucc.asn.au> parents: 22 diff changeset	530 /* V_C, the client's version string (CR and NL excluded) */
1250 2bb4c662d1c2 more hard tab Francois Perrad <francois.perrad@gadz.org> parents: 1175 diff changeset	531 buf_putstring(ses.kexhashbuf, ses.remoteident, remote_ident_len);
26 0969767bca0d snapshot of stuff Matt Johnston <matt@ucc.asn.au> parents: 22 diff changeset	532 /* V_S, the server's version string (CR and NL excluded) */
1250 2bb4c662d1c2 more hard tab Francois Perrad <francois.perrad@gadz.org> parents: 1175 diff changeset	533 buf_putstring(ses.kexhashbuf, LOCAL_IDENT, local_ident_len);
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	534
26 0969767bca0d snapshot of stuff Matt Johnston <matt@ucc.asn.au> parents: 22 diff changeset	535 /* I_C, the payload of the client's SSH_MSG_KEXINIT */
1250 2bb4c662d1c2 more hard tab Francois Perrad <francois.perrad@gadz.org> parents: 1175 diff changeset	536 buf_setpos(ses.payload, ses.payload_beginning);
2bb4c662d1c2 more hard tab Francois Perrad <francois.perrad@gadz.org> parents: 1175 diff changeset	537 buf_putstring(ses.kexhashbuf,
2bb4c662d1c2 more hard tab Francois Perrad <francois.perrad@gadz.org> parents: 1175 diff changeset	538 (const char*)buf_getptr(ses.payload, ses.payload->len-ses.payload->pos),
2bb4c662d1c2 more hard tab Francois Perrad <francois.perrad@gadz.org> parents: 1175 diff changeset	539 ses.payload->len-ses.payload->pos);
257 63601217f5ab * options.h, common-kex.c: fix support of 4096 byte host keys Matt Johnston <matt@ucc.asn.au> parents: 228 diff changeset	540
26 0969767bca0d snapshot of stuff Matt Johnston <matt@ucc.asn.au> parents: 22 diff changeset	541 /* I_S, the payload of the server's SSH_MSG_KEXINIT */
1250 2bb4c662d1c2 more hard tab Francois Perrad <francois.perrad@gadz.org> parents: 1175 diff changeset	542 buf_putstring(ses.kexhashbuf,
1122 aaf576b27a10 Merge pull request #13 from gazoo74/fix-warnings Matt Johnston <matt@ucc.asn.au> parents: 1108 diff changeset	543 (const char*)ses.transkexinit->data, ses.transkexinit->len);
257 63601217f5ab * options.h, common-kex.c: fix support of 4096 byte host keys Matt Johnston <matt@ucc.asn.au> parents: 228 diff changeset	544
886 cbc73a5aefb0 requirenext doesn't need two values Matt Johnston <matt@ucc.asn.au> parents: 885 diff changeset	545 ses.requirenext = SSH_MSG_KEXDH_INIT;
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	546 }
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	547
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	548 buf_free(ses.transkexinit);
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	549 ses.transkexinit = NULL;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	550 /* the rest of ses.kexhashbuf will be done after DH exchange */
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	551
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	552 ses.kexstate.recvkexinit = 1;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	553
165 0cfba3034be5 Fixed DEBUG_TRACE macro so that we don't get semicolons left about the place Matt Johnston <matt@ucc.asn.au> parents: 116 diff changeset	554 TRACE(("leave recv_msg_kexinit"))
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	555 }
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	556
1702 8f93f37c01de Allow DH to be completely disabled (#97) Vladislav Grishenko <themiron@users.noreply.github.com> parents: 1700 diff changeset	557 #if DROPBEAR_NORMAL_DH
595 2895626d864f Add diffie-hellman-group14-sha1 KEX method Matt Johnston <matt@ucc.asn.au> parents: 594 diff changeset	558 static void load_dh_p(mp_int * dh_p)
2895626d864f Add diffie-hellman-group14-sha1 KEX method Matt Johnston <matt@ucc.asn.au> parents: 594 diff changeset	559 {
756 bf9dc2d9c2b1 more bits on ecc branch Matt Johnston <matt@ucc.asn.au> parents: 755 diff changeset	560 bytes_to_mp(dh_p, ses.newkeys->algo_kex->dh_p_bytes,
bf9dc2d9c2b1 more bits on ecc branch Matt Johnston <matt@ucc.asn.au> parents: 755 diff changeset	561 ses.newkeys->algo_kex->dh_p_len);
595 2895626d864f Add diffie-hellman-group14-sha1 KEX method Matt Johnston <matt@ucc.asn.au> parents: 594 diff changeset	562 }
2895626d864f Add diffie-hellman-group14-sha1 KEX method Matt Johnston <matt@ucc.asn.au> parents: 594 diff changeset	563
26 0969767bca0d snapshot of stuff Matt Johnston <matt@ucc.asn.au> parents: 22 diff changeset	564 /* Initialises and generate one side of the diffie-hellman key exchange values.
603 3aa74a4d83ae Refer to RFCs rather than drafts, update some section references Matt Johnston <matt@ucc.asn.au> parents: 595 diff changeset	565 * See the transport rfc 4253 section 8 for details */
84 29a5c7c62350 default initialisers for mp_ints Matt Johnston <matt@ucc.asn.au> parents: 79 diff changeset	566 /* dh_pub and dh_priv MUST be already initialised */
755 b07eb3dc23ec refactor kexdh code a bit, start working on ecdh etc Matt Johnston <matt@ucc.asn.au> parents: 712 diff changeset	567 struct kex_dh_param *gen_kexdh_param() {
855 04ede40a529a - Some fixes for old compilers like tru64 v4 from Daniel Richard G. Matt Johnston <matt@ucc.asn.au> parents: 852 diff changeset	568 struct kex_dh_param *param = NULL;
26 0969767bca0d snapshot of stuff Matt Johnston <matt@ucc.asn.au> parents: 22 diff changeset	569
84 29a5c7c62350 default initialisers for mp_ints Matt Johnston <matt@ucc.asn.au> parents: 79 diff changeset	570 DEF_MP_INT(dh_p);
29a5c7c62350 default initialisers for mp_ints Matt Johnston <matt@ucc.asn.au> parents: 79 diff changeset	571 DEF_MP_INT(dh_q);
29a5c7c62350 default initialisers for mp_ints Matt Johnston <matt@ucc.asn.au> parents: 79 diff changeset	572 DEF_MP_INT(dh_g);
26 0969767bca0d snapshot of stuff Matt Johnston <matt@ucc.asn.au> parents: 22 diff changeset	573
739 d44325108d0e first_kex_packet_follows working, needs tidying Matt Johnston <matt@ucc.asn.au> parents: 712 diff changeset	574 TRACE(("enter gen_kexdh_vals"))
755 b07eb3dc23ec refactor kexdh code a bit, start working on ecdh etc Matt Johnston <matt@ucc.asn.au> parents: 712 diff changeset	575
855 04ede40a529a - Some fixes for old compilers like tru64 v4 from Daniel Richard G. Matt Johnston <matt@ucc.asn.au> parents: 852 diff changeset	576 param = m_malloc(sizeof(*param));
852 7540c0822374 Various cleanups and fixes for warnings Matt Johnston <matt@ucc.asn.au> parents: 848 diff changeset	577 m_mp_init_multi(&param->pub, &param->priv, &dh_g, &dh_p, &dh_q, NULL);
26 0969767bca0d snapshot of stuff Matt Johnston <matt@ucc.asn.au> parents: 22 diff changeset	578
0969767bca0d snapshot of stuff Matt Johnston <matt@ucc.asn.au> parents: 22 diff changeset	579 /* read the prime and generator*/
595 2895626d864f Add diffie-hellman-group14-sha1 KEX method Matt Johnston <matt@ucc.asn.au> parents: 594 diff changeset	580 load_dh_p(&dh_p);
26 0969767bca0d snapshot of stuff Matt Johnston <matt@ucc.asn.au> parents: 22 diff changeset	581
1692 1051e4eea25a Update LibTomMath to 1.2.0 (#84) Steffen Jaeckel <s@jaeckel.eu> parents: 1683 diff changeset	582 mp_set_ul(&dh_g, DH_G_VAL);
26 0969767bca0d snapshot of stuff Matt Johnston <matt@ucc.asn.au> parents: 22 diff changeset	583
0969767bca0d snapshot of stuff Matt Johnston <matt@ucc.asn.au> parents: 22 diff changeset	584 /* calculate q = (p-1)/2 */
0969767bca0d snapshot of stuff Matt Johnston <matt@ucc.asn.au> parents: 22 diff changeset	585 /* dh_priv is just a temp var here */
755 b07eb3dc23ec refactor kexdh code a bit, start working on ecdh etc Matt Johnston <matt@ucc.asn.au> parents: 712 diff changeset	586 if (mp_sub_d(&dh_p, 1, &param->priv) != MP_OKAY) {
26 0969767bca0d snapshot of stuff Matt Johnston <matt@ucc.asn.au> parents: 22 diff changeset	587 dropbear_exit("Diffie-Hellman error");
0969767bca0d snapshot of stuff Matt Johnston <matt@ucc.asn.au> parents: 22 diff changeset	588 }
755 b07eb3dc23ec refactor kexdh code a bit, start working on ecdh etc Matt Johnston <matt@ucc.asn.au> parents: 712 diff changeset	589 if (mp_div_2(&param->priv, &dh_q) != MP_OKAY) {
26 0969767bca0d snapshot of stuff Matt Johnston <matt@ucc.asn.au> parents: 22 diff changeset	590 dropbear_exit("Diffie-Hellman error");
0969767bca0d snapshot of stuff Matt Johnston <matt@ucc.asn.au> parents: 22 diff changeset	591 }
0969767bca0d snapshot of stuff Matt Johnston <matt@ucc.asn.au> parents: 22 diff changeset	592
188 c9483550701b - refactored random mp_int generation and byte->mp_int code Matt Johnston <matt@ucc.asn.au> parents: 179 diff changeset	593 /* Generate a private portion 0 < dh_priv < dh_q */
755 b07eb3dc23ec refactor kexdh code a bit, start working on ecdh etc Matt Johnston <matt@ucc.asn.au> parents: 712 diff changeset	594 gen_random_mpint(&dh_q, &param->priv);
26 0969767bca0d snapshot of stuff Matt Johnston <matt@ucc.asn.au> parents: 22 diff changeset	595
0969767bca0d snapshot of stuff Matt Johnston <matt@ucc.asn.au> parents: 22 diff changeset	596 /* f = g^y mod p */
755 b07eb3dc23ec refactor kexdh code a bit, start working on ecdh etc Matt Johnston <matt@ucc.asn.au> parents: 712 diff changeset	597 if (mp_exptmod(&dh_g, &param->priv, &dh_p, &param->pub) != MP_OKAY) {
26 0969767bca0d snapshot of stuff Matt Johnston <matt@ucc.asn.au> parents: 22 diff changeset	598 dropbear_exit("Diffie-Hellman error");
0969767bca0d snapshot of stuff Matt Johnston <matt@ucc.asn.au> parents: 22 diff changeset	599 }
0969767bca0d snapshot of stuff Matt Johnston <matt@ucc.asn.au> parents: 22 diff changeset	600 mp_clear_multi(&dh_g, &dh_p, &dh_q, NULL);
755 b07eb3dc23ec refactor kexdh code a bit, start working on ecdh etc Matt Johnston <matt@ucc.asn.au> parents: 712 diff changeset	601 return param;
b07eb3dc23ec refactor kexdh code a bit, start working on ecdh etc Matt Johnston <matt@ucc.asn.au> parents: 712 diff changeset	602 }
b07eb3dc23ec refactor kexdh code a bit, start working on ecdh etc Matt Johnston <matt@ucc.asn.au> parents: 712 diff changeset	603
b07eb3dc23ec refactor kexdh code a bit, start working on ecdh etc Matt Johnston <matt@ucc.asn.au> parents: 712 diff changeset	604 void free_kexdh_param(struct kex_dh_param *param)
b07eb3dc23ec refactor kexdh code a bit, start working on ecdh etc Matt Johnston <matt@ucc.asn.au> parents: 712 diff changeset	605 {
b07eb3dc23ec refactor kexdh code a bit, start working on ecdh etc Matt Johnston <matt@ucc.asn.au> parents: 712 diff changeset	606 mp_clear_multi(&param->pub, &param->priv, NULL);
b07eb3dc23ec refactor kexdh code a bit, start working on ecdh etc Matt Johnston <matt@ucc.asn.au> parents: 712 diff changeset	607 m_free(param);
26 0969767bca0d snapshot of stuff Matt Johnston <matt@ucc.asn.au> parents: 22 diff changeset	608 }
0969767bca0d snapshot of stuff Matt Johnston <matt@ucc.asn.au> parents: 22 diff changeset	609
0969767bca0d snapshot of stuff Matt Johnston <matt@ucc.asn.au> parents: 22 diff changeset	610 /* This function is fairly common between client/server, with some substitution
0969767bca0d snapshot of stuff Matt Johnston <matt@ucc.asn.au> parents: 22 diff changeset	611 * of dh_e/dh_f etc. Hence these arguments:
0969767bca0d snapshot of stuff Matt Johnston <matt@ucc.asn.au> parents: 22 diff changeset	612 * dh_pub_us is 'e' for the client, 'f' for the server. dh_pub_them is
0969767bca0d snapshot of stuff Matt Johnston <matt@ucc.asn.au> parents: 22 diff changeset	613 * vice-versa. dh_priv is the x/y value corresponding to dh_pub_us */
755 b07eb3dc23ec refactor kexdh code a bit, start working on ecdh etc Matt Johnston <matt@ucc.asn.au> parents: 712 diff changeset	614 void kexdh_comb_key(struct kex_dh_param param, mp_int dh_pub_them,
26 0969767bca0d snapshot of stuff Matt Johnston <matt@ucc.asn.au> parents: 22 diff changeset	615 sign_key *hostkey) {
0969767bca0d snapshot of stuff Matt Johnston <matt@ucc.asn.au> parents: 22 diff changeset	616
1013 a1e79ffa5862 Tighten validation of DH values. Odds of x==0 being generated are Matt Johnston <matt@ucc.asn.au> parents: 996 diff changeset	617 DEF_MP_INT(dh_p);
a1e79ffa5862 Tighten validation of DH values. Odds of x==0 being generated are Matt Johnston <matt@ucc.asn.au> parents: 996 diff changeset	618 DEF_MP_INT(dh_p_min1);
26 0969767bca0d snapshot of stuff Matt Johnston <matt@ucc.asn.au> parents: 22 diff changeset	619 mp_int dh_e = NULL, dh_f = NULL;
0969767bca0d snapshot of stuff Matt Johnston <matt@ucc.asn.au> parents: 22 diff changeset	620
1013 a1e79ffa5862 Tighten validation of DH values. Odds of x==0 being generated are Matt Johnston <matt@ucc.asn.au> parents: 996 diff changeset	621 m_mp_init_multi(&dh_p, &dh_p_min1, NULL);
595 2895626d864f Add diffie-hellman-group14-sha1 KEX method Matt Johnston <matt@ucc.asn.au> parents: 594 diff changeset	622 load_dh_p(&dh_p);
26 0969767bca0d snapshot of stuff Matt Johnston <matt@ucc.asn.au> parents: 22 diff changeset	623
1013 a1e79ffa5862 Tighten validation of DH values. Odds of x==0 being generated are Matt Johnston <matt@ucc.asn.au> parents: 996 diff changeset	624 if (mp_sub_d(&dh_p, 1, &dh_p_min1) != MP_OKAY) {
a1e79ffa5862 Tighten validation of DH values. Odds of x==0 being generated are Matt Johnston <matt@ucc.asn.au> parents: 996 diff changeset	625 dropbear_exit("Diffie-Hellman error");
a1e79ffa5862 Tighten validation of DH values. Odds of x==0 being generated are Matt Johnston <matt@ucc.asn.au> parents: 996 diff changeset	626 }
a1e79ffa5862 Tighten validation of DH values. Odds of x==0 being generated are Matt Johnston <matt@ucc.asn.au> parents: 996 diff changeset	627
a1e79ffa5862 Tighten validation of DH values. Odds of x==0 being generated are Matt Johnston <matt@ucc.asn.au> parents: 996 diff changeset	628 /* Check that dh_pub_them (dh_e or dh_f) is in the range [2, p-2] */
a1e79ffa5862 Tighten validation of DH values. Odds of x==0 being generated are Matt Johnston <matt@ucc.asn.au> parents: 996 diff changeset	629 if (mp_cmp(dh_pub_them, &dh_p_min1) != MP_LT
a1e79ffa5862 Tighten validation of DH values. Odds of x==0 being generated are Matt Johnston <matt@ucc.asn.au> parents: 996 diff changeset	630 \|\| mp_cmp_d(dh_pub_them, 1) != MP_GT) {
26 0969767bca0d snapshot of stuff Matt Johnston <matt@ucc.asn.au> parents: 22 diff changeset	631 dropbear_exit("Diffie-Hellman error");
0969767bca0d snapshot of stuff Matt Johnston <matt@ucc.asn.au> parents: 22 diff changeset	632 }
0969767bca0d snapshot of stuff Matt Johnston <matt@ucc.asn.au> parents: 22 diff changeset	633
0969767bca0d snapshot of stuff Matt Johnston <matt@ucc.asn.au> parents: 22 diff changeset	634 /* K = e^y mod p = f^x mod p */
805 724c3e0c8734 Add m_mp_alloc_init_multi() helper Matt Johnston <matt@ucc.asn.au> parents: 801 diff changeset	635 m_mp_alloc_init_multi(&ses.dh_K, NULL);
755 b07eb3dc23ec refactor kexdh code a bit, start working on ecdh etc Matt Johnston <matt@ucc.asn.au> parents: 712 diff changeset	636 if (mp_exptmod(dh_pub_them, &param->priv, &dh_p, ses.dh_K) != MP_OKAY) {
26 0969767bca0d snapshot of stuff Matt Johnston <matt@ucc.asn.au> parents: 22 diff changeset	637 dropbear_exit("Diffie-Hellman error");
0969767bca0d snapshot of stuff Matt Johnston <matt@ucc.asn.au> parents: 22 diff changeset	638 }
0969767bca0d snapshot of stuff Matt Johnston <matt@ucc.asn.au> parents: 22 diff changeset	639
0969767bca0d snapshot of stuff Matt Johnston <matt@ucc.asn.au> parents: 22 diff changeset	640 /* clear no longer needed vars */
1013 a1e79ffa5862 Tighten validation of DH values. Odds of x==0 being generated are Matt Johnston <matt@ucc.asn.au> parents: 996 diff changeset	641 mp_clear_multi(&dh_p, &dh_p_min1, NULL);
26 0969767bca0d snapshot of stuff Matt Johnston <matt@ucc.asn.au> parents: 22 diff changeset	642
0969767bca0d snapshot of stuff Matt Johnston <matt@ucc.asn.au> parents: 22 diff changeset	643 /* From here on, the code needs to work with the _same_ vars on each side,
0969767bca0d snapshot of stuff Matt Johnston <matt@ucc.asn.au> parents: 22 diff changeset	644 * not vice-versaing for client/server */
0969767bca0d snapshot of stuff Matt Johnston <matt@ucc.asn.au> parents: 22 diff changeset	645 if (IS_DROPBEAR_CLIENT) {
755 b07eb3dc23ec refactor kexdh code a bit, start working on ecdh etc Matt Johnston <matt@ucc.asn.au> parents: 712 diff changeset	646 dh_e = &param->pub;
26 0969767bca0d snapshot of stuff Matt Johnston <matt@ucc.asn.au> parents: 22 diff changeset	647 dh_f = dh_pub_them;
0969767bca0d snapshot of stuff Matt Johnston <matt@ucc.asn.au> parents: 22 diff changeset	648 } else {
0969767bca0d snapshot of stuff Matt Johnston <matt@ucc.asn.au> parents: 22 diff changeset	649 dh_e = dh_pub_them;
755 b07eb3dc23ec refactor kexdh code a bit, start working on ecdh etc Matt Johnston <matt@ucc.asn.au> parents: 712 diff changeset	650 dh_f = &param->pub;
26 0969767bca0d snapshot of stuff Matt Johnston <matt@ucc.asn.au> parents: 22 diff changeset	651 }
0969767bca0d snapshot of stuff Matt Johnston <matt@ucc.asn.au> parents: 22 diff changeset	652
0969767bca0d snapshot of stuff Matt Johnston <matt@ucc.asn.au> parents: 22 diff changeset	653 /* Create the remainder of the hash buffer, to generate the exchange hash */
0969767bca0d snapshot of stuff Matt Johnston <matt@ucc.asn.au> parents: 22 diff changeset	654 /* K_S, the host key */
0969767bca0d snapshot of stuff Matt Johnston <matt@ucc.asn.au> parents: 22 diff changeset	655 buf_put_pub_key(ses.kexhashbuf, hostkey, ses.newkeys->algo_hostkey);
0969767bca0d snapshot of stuff Matt Johnston <matt@ucc.asn.au> parents: 22 diff changeset	656 /* e, exchange value sent by the client */
0969767bca0d snapshot of stuff Matt Johnston <matt@ucc.asn.au> parents: 22 diff changeset	657 buf_putmpint(ses.kexhashbuf, dh_e);
0969767bca0d snapshot of stuff Matt Johnston <matt@ucc.asn.au> parents: 22 diff changeset	658 /* f, exchange value sent by the server */
0969767bca0d snapshot of stuff Matt Johnston <matt@ucc.asn.au> parents: 22 diff changeset	659 buf_putmpint(ses.kexhashbuf, dh_f);
0969767bca0d snapshot of stuff Matt Johnston <matt@ucc.asn.au> parents: 22 diff changeset	660 /* K, the shared secret */
0969767bca0d snapshot of stuff Matt Johnston <matt@ucc.asn.au> parents: 22 diff changeset	661 buf_putmpint(ses.kexhashbuf, ses.dh_K);
0969767bca0d snapshot of stuff Matt Johnston <matt@ucc.asn.au> parents: 22 diff changeset	662
0969767bca0d snapshot of stuff Matt Johnston <matt@ucc.asn.au> parents: 22 diff changeset	663 /* calculate the hash H to sign */
761 ac2158e3e403 ecc kind of works, needs fixing/testing Matt Johnston <matt@ucc.asn.au> parents: 759 diff changeset	664 finish_kexhashbuf();
26 0969767bca0d snapshot of stuff Matt Johnston <matt@ucc.asn.au> parents: 22 diff changeset	665 }
1702 8f93f37c01de Allow DH to be completely disabled (#97) Vladislav Grishenko <themiron@users.noreply.github.com> parents: 1700 diff changeset	666 #endif
26 0969767bca0d snapshot of stuff Matt Johnston <matt@ucc.asn.au> parents: 22 diff changeset	667
1295 750ec4ec4cbe Convert #ifdef to #if, other build changes Matt Johnston <matt@ucc.asn.au> parents: 1276 diff changeset	668 #if DROPBEAR_ECDH
755 b07eb3dc23ec refactor kexdh code a bit, start working on ecdh etc Matt Johnston <matt@ucc.asn.au> parents: 712 diff changeset	669 struct kex_ecdh_param *gen_kexecdh_param() {
b07eb3dc23ec refactor kexdh code a bit, start working on ecdh etc Matt Johnston <matt@ucc.asn.au> parents: 712 diff changeset	670 struct kex_ecdh_param param = m_malloc(sizeof(param));
756 bf9dc2d9c2b1 more bits on ecc branch Matt Johnston <matt@ucc.asn.au> parents: 755 diff changeset	671 if (ecc_make_key_ex(NULL, dropbear_ltc_prng,
759 76fba0856749 More changes for KEX and ECDH. Set up hash descriptors, make ECC code work, Matt Johnston <matt@ucc.asn.au> parents: 757 diff changeset	672 &param->key, ses.newkeys->algo_kex->ecc_curve->dp) != CRYPT_OK) {
76fba0856749 More changes for KEX and ECDH. Set up hash descriptors, make ECC code work, Matt Johnston <matt@ucc.asn.au> parents: 757 diff changeset	673 dropbear_exit("ECC error");
756 bf9dc2d9c2b1 more bits on ecc branch Matt Johnston <matt@ucc.asn.au> parents: 755 diff changeset	674 }
bf9dc2d9c2b1 more bits on ecc branch Matt Johnston <matt@ucc.asn.au> parents: 755 diff changeset	675 return param;
bf9dc2d9c2b1 more bits on ecc branch Matt Johnston <matt@ucc.asn.au> parents: 755 diff changeset	676 }
bf9dc2d9c2b1 more bits on ecc branch Matt Johnston <matt@ucc.asn.au> parents: 755 diff changeset	677
bf9dc2d9c2b1 more bits on ecc branch Matt Johnston <matt@ucc.asn.au> parents: 755 diff changeset	678 void free_kexecdh_param(struct kex_ecdh_param *param) {
bf9dc2d9c2b1 more bits on ecc branch Matt Johnston <matt@ucc.asn.au> parents: 755 diff changeset	679 ecc_free(&param->key);
bf9dc2d9c2b1 more bits on ecc branch Matt Johnston <matt@ucc.asn.au> parents: 755 diff changeset	680 m_free(param);
bf9dc2d9c2b1 more bits on ecc branch Matt Johnston <matt@ucc.asn.au> parents: 755 diff changeset	681
755 b07eb3dc23ec refactor kexdh code a bit, start working on ecdh etc Matt Johnston <matt@ucc.asn.au> parents: 712 diff changeset	682 }
b07eb3dc23ec refactor kexdh code a bit, start working on ecdh etc Matt Johnston <matt@ucc.asn.au> parents: 712 diff changeset	683 void kexecdh_comb_key(struct kex_ecdh_param param, buffer pub_them,
756 bf9dc2d9c2b1 more bits on ecc branch Matt Johnston <matt@ucc.asn.au> parents: 755 diff changeset	684 sign_key *hostkey) {
759 76fba0856749 More changes for KEX and ECDH. Set up hash descriptors, make ECC code work, Matt Johnston <matt@ucc.asn.au> parents: 757 diff changeset	685 const struct dropbear_kex *algo_kex = ses.newkeys->algo_kex;
857 c19acba28590 use oldstyle comments Matt Johnston <matt@ucc.asn.au> parents: 855 diff changeset	686 /* public keys from client and server */
756 bf9dc2d9c2b1 more bits on ecc branch Matt Johnston <matt@ucc.asn.au> parents: 755 diff changeset	687 ecc_key Q_C, Q_S, *Q_them;
bf9dc2d9c2b1 more bits on ecc branch Matt Johnston <matt@ucc.asn.au> parents: 755 diff changeset	688
765 5503e05ab3a4 - Rename buf_put_ecc_pubkey_string() to buf_put_ecc_raw_pubkey_string() Matt Johnston <matt@ucc.asn.au> parents: 763 diff changeset	689 Q_them = buf_get_ecc_raw_pubkey(pub_them, algo_kex->ecc_curve);
1128 a9e074b78cd5 check ecc key return, fix null pointer crash Matt Johnston <matt@ucc.asn.au> parents: 1124 diff changeset	690 if (Q_them == NULL) {
a9e074b78cd5 check ecc key return, fix null pointer crash Matt Johnston <matt@ucc.asn.au> parents: 1124 diff changeset	691 dropbear_exit("ECC error");
a9e074b78cd5 check ecc key return, fix null pointer crash Matt Johnston <matt@ucc.asn.au> parents: 1124 diff changeset	692 }
757 230666086711 ecc key import function Matt Johnston <matt@ucc.asn.au> parents: 756 diff changeset	693
761 ac2158e3e403 ecc kind of works, needs fixing/testing Matt Johnston <matt@ucc.asn.au> parents: 759 diff changeset	694 ses.dh_K = dropbear_ecc_shared_secret(Q_them, &param->key);
756 bf9dc2d9c2b1 more bits on ecc branch Matt Johnston <matt@ucc.asn.au> parents: 755 diff changeset	695
848 6c69e7df3621 curve25519 Matt Johnston <matt@ucc.asn.au> parents: 805 diff changeset	696 /* Create the remainder of the hash buffer, to generate the exchange hash
6c69e7df3621 curve25519 Matt Johnston <matt@ucc.asn.au> parents: 805 diff changeset	697 See RFC5656 section 4 page 7 */
756 bf9dc2d9c2b1 more bits on ecc branch Matt Johnston <matt@ucc.asn.au> parents: 755 diff changeset	698 if (IS_DROPBEAR_CLIENT) {
761 ac2158e3e403 ecc kind of works, needs fixing/testing Matt Johnston <matt@ucc.asn.au> parents: 759 diff changeset	699 Q_C = &param->key;
759 76fba0856749 More changes for KEX and ECDH. Set up hash descriptors, make ECC code work, Matt Johnston <matt@ucc.asn.au> parents: 757 diff changeset	700 Q_S = Q_them;
756 bf9dc2d9c2b1 more bits on ecc branch Matt Johnston <matt@ucc.asn.au> parents: 755 diff changeset	701 } else {
759 76fba0856749 More changes for KEX and ECDH. Set up hash descriptors, make ECC code work, Matt Johnston <matt@ucc.asn.au> parents: 757 diff changeset	702 Q_C = Q_them;
761 ac2158e3e403 ecc kind of works, needs fixing/testing Matt Johnston <matt@ucc.asn.au> parents: 759 diff changeset	703 Q_S = &param->key;
756 bf9dc2d9c2b1 more bits on ecc branch Matt Johnston <matt@ucc.asn.au> parents: 755 diff changeset	704 }
bf9dc2d9c2b1 more bits on ecc branch Matt Johnston <matt@ucc.asn.au> parents: 755 diff changeset	705
bf9dc2d9c2b1 more bits on ecc branch Matt Johnston <matt@ucc.asn.au> parents: 755 diff changeset	706 /* K_S, the host key */
bf9dc2d9c2b1 more bits on ecc branch Matt Johnston <matt@ucc.asn.au> parents: 755 diff changeset	707 buf_put_pub_key(ses.kexhashbuf, hostkey, ses.newkeys->algo_hostkey);
759 76fba0856749 More changes for KEX and ECDH. Set up hash descriptors, make ECC code work, Matt Johnston <matt@ucc.asn.au> parents: 757 diff changeset	708 /* Q_C, client's ephemeral public key octet string */
765 5503e05ab3a4 - Rename buf_put_ecc_pubkey_string() to buf_put_ecc_raw_pubkey_string() Matt Johnston <matt@ucc.asn.au> parents: 763 diff changeset	709 buf_put_ecc_raw_pubkey_string(ses.kexhashbuf, Q_C);
759 76fba0856749 More changes for KEX and ECDH. Set up hash descriptors, make ECC code work, Matt Johnston <matt@ucc.asn.au> parents: 757 diff changeset	710 /* Q_S, server's ephemeral public key octet string */
765 5503e05ab3a4 - Rename buf_put_ecc_pubkey_string() to buf_put_ecc_raw_pubkey_string() Matt Johnston <matt@ucc.asn.au> parents: 763 diff changeset	711 buf_put_ecc_raw_pubkey_string(ses.kexhashbuf, Q_S);
756 bf9dc2d9c2b1 more bits on ecc branch Matt Johnston <matt@ucc.asn.au> parents: 755 diff changeset	712 /* K, the shared secret */
bf9dc2d9c2b1 more bits on ecc branch Matt Johnston <matt@ucc.asn.au> parents: 755 diff changeset	713 buf_putmpint(ses.kexhashbuf, ses.dh_K);
bf9dc2d9c2b1 more bits on ecc branch Matt Johnston <matt@ucc.asn.au> parents: 755 diff changeset	714
1607 0bdbb9ecc403 avoid leak of ecdh public key Matt Johnston <matt@ucc.asn.au> parents: 1558 diff changeset	715 ecc_free(Q_them);
0bdbb9ecc403 avoid leak of ecdh public key Matt Johnston <matt@ucc.asn.au> parents: 1558 diff changeset	716 m_free(Q_them);
0bdbb9ecc403 avoid leak of ecdh public key Matt Johnston <matt@ucc.asn.au> parents: 1558 diff changeset	717
756 bf9dc2d9c2b1 more bits on ecc branch Matt Johnston <matt@ucc.asn.au> parents: 755 diff changeset	718 /* calculate the hash H to sign */
761 ac2158e3e403 ecc kind of works, needs fixing/testing Matt Johnston <matt@ucc.asn.au> parents: 759 diff changeset	719 finish_kexhashbuf();
ac2158e3e403 ecc kind of works, needs fixing/testing Matt Johnston <matt@ucc.asn.au> parents: 759 diff changeset	720 }
848 6c69e7df3621 curve25519 Matt Johnston <matt@ucc.asn.au> parents: 805 diff changeset	721 #endif /* DROPBEAR_ECDH */
6c69e7df3621 curve25519 Matt Johnston <matt@ucc.asn.au> parents: 805 diff changeset	722
1295 750ec4ec4cbe Convert #ifdef to #if, other build changes Matt Johnston <matt@ucc.asn.au> parents: 1276 diff changeset	723 #if DROPBEAR_CURVE25519
1659 d32bcb5c557d Add Ed25519 support (#91) Vladislav Grishenko <themiron@users.noreply.github.com> parents: 1607 diff changeset	724 struct kex_curve25519_param *gen_kexcurve25519_param() {
848 6c69e7df3621 curve25519 Matt Johnston <matt@ucc.asn.au> parents: 805 diff changeset	725 /* Per http://cr.yp.to/ecdh.html */
6c69e7df3621 curve25519 Matt Johnston <matt@ucc.asn.au> parents: 805 diff changeset	726 struct kex_curve25519_param param = m_malloc(sizeof(param));
6c69e7df3621 curve25519 Matt Johnston <matt@ucc.asn.au> parents: 805 diff changeset	727 const unsigned char basepoint[32] = {9};
6c69e7df3621 curve25519 Matt Johnston <matt@ucc.asn.au> parents: 805 diff changeset	728
6c69e7df3621 curve25519 Matt Johnston <matt@ucc.asn.au> parents: 805 diff changeset	729 genrandom(param->priv, CURVE25519_LEN);
1659 d32bcb5c557d Add Ed25519 support (#91) Vladislav Grishenko <themiron@users.noreply.github.com> parents: 1607 diff changeset	730 dropbear_curve25519_scalarmult(param->pub, param->priv, basepoint);
848 6c69e7df3621 curve25519 Matt Johnston <matt@ucc.asn.au> parents: 805 diff changeset	731
6c69e7df3621 curve25519 Matt Johnston <matt@ucc.asn.au> parents: 805 diff changeset	732 return param;
6c69e7df3621 curve25519 Matt Johnston <matt@ucc.asn.au> parents: 805 diff changeset	733 }
6c69e7df3621 curve25519 Matt Johnston <matt@ucc.asn.au> parents: 805 diff changeset	734
1659 d32bcb5c557d Add Ed25519 support (#91) Vladislav Grishenko <themiron@users.noreply.github.com> parents: 1607 diff changeset	735 void free_kexcurve25519_param(struct kex_curve25519_param *param) {
848 6c69e7df3621 curve25519 Matt Johnston <matt@ucc.asn.au> parents: 805 diff changeset	736 m_burn(param->priv, CURVE25519_LEN);
6c69e7df3621 curve25519 Matt Johnston <matt@ucc.asn.au> parents: 805 diff changeset	737 m_free(param);
6c69e7df3621 curve25519 Matt Johnston <matt@ucc.asn.au> parents: 805 diff changeset	738 }
6c69e7df3621 curve25519 Matt Johnston <matt@ucc.asn.au> parents: 805 diff changeset	739
1459 06d52bcb8094 Pointer parameter could be declared as pointing to const Francois Perrad <francois.perrad@gadz.org> parents: 1402 diff changeset	740 void kexcurve25519_comb_key(const struct kex_curve25519_param param, const buffer buf_pub_them,
848 6c69e7df3621 curve25519 Matt Johnston <matt@ucc.asn.au> parents: 805 diff changeset	741 sign_key *hostkey) {
852 7540c0822374 Various cleanups and fixes for warnings Matt Johnston <matt@ucc.asn.au> parents: 848 diff changeset	742 unsigned char out[CURVE25519_LEN];
848 6c69e7df3621 curve25519 Matt Johnston <matt@ucc.asn.au> parents: 805 diff changeset	743 const unsigned char* Q_C = NULL;
6c69e7df3621 curve25519 Matt Johnston <matt@ucc.asn.au> parents: 805 diff changeset	744 const unsigned char* Q_S = NULL;
1175 1b8afc698e39 check for zero K value from curve25519 Matt Johnston <matt@ucc.asn.au> parents: 1128 diff changeset	745 char zeroes[CURVE25519_LEN] = {0};
848 6c69e7df3621 curve25519 Matt Johnston <matt@ucc.asn.au> parents: 805 diff changeset	746
6c69e7df3621 curve25519 Matt Johnston <matt@ucc.asn.au> parents: 805 diff changeset	747 if (buf_pub_them->len != CURVE25519_LEN)
6c69e7df3621 curve25519 Matt Johnston <matt@ucc.asn.au> parents: 805 diff changeset	748 {
6c69e7df3621 curve25519 Matt Johnston <matt@ucc.asn.au> parents: 805 diff changeset	749 dropbear_exit("Bad curve25519");
6c69e7df3621 curve25519 Matt Johnston <matt@ucc.asn.au> parents: 805 diff changeset	750 }
6c69e7df3621 curve25519 Matt Johnston <matt@ucc.asn.au> parents: 805 diff changeset	751
1659 d32bcb5c557d Add Ed25519 support (#91) Vladislav Grishenko <themiron@users.noreply.github.com> parents: 1607 diff changeset	752 dropbear_curve25519_scalarmult(out, param->priv, buf_pub_them->data);
1175 1b8afc698e39 check for zero K value from curve25519 Matt Johnston <matt@ucc.asn.au> parents: 1128 diff changeset	753
1b8afc698e39 check for zero K value from curve25519 Matt Johnston <matt@ucc.asn.au> parents: 1128 diff changeset	754 if (constant_time_memcmp(zeroes, out, CURVE25519_LEN) == 0) {
1b8afc698e39 check for zero K value from curve25519 Matt Johnston <matt@ucc.asn.au> parents: 1128 diff changeset	755 dropbear_exit("Bad curve25519");
1b8afc698e39 check for zero K value from curve25519 Matt Johnston <matt@ucc.asn.au> parents: 1128 diff changeset	756 }
1b8afc698e39 check for zero K value from curve25519 Matt Johnston <matt@ucc.asn.au> parents: 1128 diff changeset	757
852 7540c0822374 Various cleanups and fixes for warnings Matt Johnston <matt@ucc.asn.au> parents: 848 diff changeset	758 m_mp_alloc_init_multi(&ses.dh_K, NULL);
848 6c69e7df3621 curve25519 Matt Johnston <matt@ucc.asn.au> parents: 805 diff changeset	759 bytes_to_mp(ses.dh_K, out, CURVE25519_LEN);
852 7540c0822374 Various cleanups and fixes for warnings Matt Johnston <matt@ucc.asn.au> parents: 848 diff changeset	760 m_burn(out, sizeof(out));
848 6c69e7df3621 curve25519 Matt Johnston <matt@ucc.asn.au> parents: 805 diff changeset	761
6c69e7df3621 curve25519 Matt Johnston <matt@ucc.asn.au> parents: 805 diff changeset	762 /* Create the remainder of the hash buffer, to generate the exchange hash.
6c69e7df3621 curve25519 Matt Johnston <matt@ucc.asn.au> parents: 805 diff changeset	763 See RFC5656 section 4 page 7 */
6c69e7df3621 curve25519 Matt Johnston <matt@ucc.asn.au> parents: 805 diff changeset	764 if (IS_DROPBEAR_CLIENT) {
6c69e7df3621 curve25519 Matt Johnston <matt@ucc.asn.au> parents: 805 diff changeset	765 Q_C = param->pub;
6c69e7df3621 curve25519 Matt Johnston <matt@ucc.asn.au> parents: 805 diff changeset	766 Q_S = buf_pub_them->data;
6c69e7df3621 curve25519 Matt Johnston <matt@ucc.asn.au> parents: 805 diff changeset	767 } else {
6c69e7df3621 curve25519 Matt Johnston <matt@ucc.asn.au> parents: 805 diff changeset	768 Q_S = param->pub;
6c69e7df3621 curve25519 Matt Johnston <matt@ucc.asn.au> parents: 805 diff changeset	769 Q_C = buf_pub_them->data;
6c69e7df3621 curve25519 Matt Johnston <matt@ucc.asn.au> parents: 805 diff changeset	770 }
6c69e7df3621 curve25519 Matt Johnston <matt@ucc.asn.au> parents: 805 diff changeset	771
6c69e7df3621 curve25519 Matt Johnston <matt@ucc.asn.au> parents: 805 diff changeset	772 /* K_S, the host key */
6c69e7df3621 curve25519 Matt Johnston <matt@ucc.asn.au> parents: 805 diff changeset	773 buf_put_pub_key(ses.kexhashbuf, hostkey, ses.newkeys->algo_hostkey);
6c69e7df3621 curve25519 Matt Johnston <matt@ucc.asn.au> parents: 805 diff changeset	774 /* Q_C, client's ephemeral public key octet string */
1122 aaf576b27a10 Merge pull request #13 from gazoo74/fix-warnings Matt Johnston <matt@ucc.asn.au> parents: 1108 diff changeset	775 buf_putstring(ses.kexhashbuf, (const char*)Q_C, CURVE25519_LEN);
848 6c69e7df3621 curve25519 Matt Johnston <matt@ucc.asn.au> parents: 805 diff changeset	776 /* Q_S, server's ephemeral public key octet string */
1122 aaf576b27a10 Merge pull request #13 from gazoo74/fix-warnings Matt Johnston <matt@ucc.asn.au> parents: 1108 diff changeset	777 buf_putstring(ses.kexhashbuf, (const char*)Q_S, CURVE25519_LEN);
848 6c69e7df3621 curve25519 Matt Johnston <matt@ucc.asn.au> parents: 805 diff changeset	778 /* K, the shared secret */
6c69e7df3621 curve25519 Matt Johnston <matt@ucc.asn.au> parents: 805 diff changeset	779 buf_putmpint(ses.kexhashbuf, ses.dh_K);
6c69e7df3621 curve25519 Matt Johnston <matt@ucc.asn.au> parents: 805 diff changeset	780
6c69e7df3621 curve25519 Matt Johnston <matt@ucc.asn.au> parents: 805 diff changeset	781 /* calculate the hash H to sign */
6c69e7df3621 curve25519 Matt Johnston <matt@ucc.asn.au> parents: 805 diff changeset	782 finish_kexhashbuf();
6c69e7df3621 curve25519 Matt Johnston <matt@ucc.asn.au> parents: 805 diff changeset	783 }
6c69e7df3621 curve25519 Matt Johnston <matt@ucc.asn.au> parents: 805 diff changeset	784 #endif /* DROPBEAR_CURVE25519 */
6c69e7df3621 curve25519 Matt Johnston <matt@ucc.asn.au> parents: 805 diff changeset	785
6c69e7df3621 curve25519 Matt Johnston <matt@ucc.asn.au> parents: 805 diff changeset	786
1456 a90fdd2d2ed8 add fuzzer-preauth_nomaths Matt Johnston <matt@ucc.asn.au> parents: 1411 diff changeset	787 void finish_kexhashbuf(void) {
761 ac2158e3e403 ecc kind of works, needs fixing/testing Matt Johnston <matt@ucc.asn.au> parents: 759 diff changeset	788 hash_state hs;
793 70625eed40c9 A bit of work on ecdsa for host/auth keys Matt Johnston <matt@ucc.asn.au> parents: 766 diff changeset	789 const struct ltc_hash_descriptor *hash_desc = ses.newkeys->algo_kex->hash_desc;
761 ac2158e3e403 ecc kind of works, needs fixing/testing Matt Johnston <matt@ucc.asn.au> parents: 759 diff changeset	790
793 70625eed40c9 A bit of work on ecdsa for host/auth keys Matt Johnston <matt@ucc.asn.au> parents: 766 diff changeset	791 hash_desc->init(&hs);
26 0969767bca0d snapshot of stuff Matt Johnston <matt@ucc.asn.au> parents: 22 diff changeset	792 buf_setpos(ses.kexhashbuf, 0);
793 70625eed40c9 A bit of work on ecdsa for host/auth keys Matt Johnston <matt@ucc.asn.au> parents: 766 diff changeset	793 hash_desc->process(&hs, buf_getptr(ses.kexhashbuf, ses.kexhashbuf->len),
26 0969767bca0d snapshot of stuff Matt Johnston <matt@ucc.asn.au> parents: 22 diff changeset	794 ses.kexhashbuf->len);
793 70625eed40c9 A bit of work on ecdsa for host/auth keys Matt Johnston <matt@ucc.asn.au> parents: 766 diff changeset	795 ses.hash = buf_new(hash_desc->hashsize);
70625eed40c9 A bit of work on ecdsa for host/auth keys Matt Johnston <matt@ucc.asn.au> parents: 766 diff changeset	796 hash_desc->done(&hs, buf_getwriteptr(ses.hash, hash_desc->hashsize));
70625eed40c9 A bit of work on ecdsa for host/auth keys Matt Johnston <matt@ucc.asn.au> parents: 766 diff changeset	797 buf_setlen(ses.hash, hash_desc->hashsize);
35 0ad5fb979f42 set the isserver flag (oops) Matt Johnston <matt@ucc.asn.au> parents: 34 diff changeset	798
1402 553c6bb80265 fix DEBUG_* condition Francois Perrad <francois.perrad@gadz.org> parents: 1295 diff changeset	799 #if defined(DEBUG_KEXHASH) && DEBUG_TRACE
907 4a74c58e11fc Make some debug info conditional Matt Johnston <matt@ucc.asn.au> parents: 886 diff changeset	800 if (!debug_trace) {
4a74c58e11fc Make some debug info conditional Matt Johnston <matt@ucc.asn.au> parents: 886 diff changeset	801 printhex("kexhashbuf", ses.kexhashbuf->data, ses.kexhashbuf->len);
4a74c58e11fc Make some debug info conditional Matt Johnston <matt@ucc.asn.au> parents: 886 diff changeset	802 printhex("kexhash", ses.hash->data, ses.hash->len);
4a74c58e11fc Make some debug info conditional Matt Johnston <matt@ucc.asn.au> parents: 886 diff changeset	803 }
883 ff597bf2cfb0 DROPBEAR_CLI_AUTH_IMMEDIATE fixed, now enabled by default Matt Johnston <matt@ucc.asn.au> parents: 858 diff changeset	804 #endif
ff597bf2cfb0 DROPBEAR_CLI_AUTH_IMMEDIATE fixed, now enabled by default Matt Johnston <matt@ucc.asn.au> parents: 858 diff changeset	805
35 0ad5fb979f42 set the isserver flag (oops) Matt Johnston <matt@ucc.asn.au> parents: 34 diff changeset	806 buf_burn(ses.kexhashbuf);
26 0969767bca0d snapshot of stuff Matt Johnston <matt@ucc.asn.au> parents: 22 diff changeset	807 buf_free(ses.kexhashbuf);
987 ed85797bbc85 clear hash state memory after use Matt Johnston <matt@ucc.asn.au> parents: 928 diff changeset	808 m_burn(&hs, sizeof(hash_state));
26 0969767bca0d snapshot of stuff Matt Johnston <matt@ucc.asn.au> parents: 22 diff changeset	809 ses.kexhashbuf = NULL;
0969767bca0d snapshot of stuff Matt Johnston <matt@ucc.asn.au> parents: 22 diff changeset	810
0969767bca0d snapshot of stuff Matt Johnston <matt@ucc.asn.au> parents: 22 diff changeset	811 /* first time around, we set the session_id to H */
0969767bca0d snapshot of stuff Matt Johnston <matt@ucc.asn.au> parents: 22 diff changeset	812 if (ses.session_id == NULL) {
0969767bca0d snapshot of stuff Matt Johnston <matt@ucc.asn.au> parents: 22 diff changeset	813 /* create the session_id, this never needs freeing */
761 ac2158e3e403 ecc kind of works, needs fixing/testing Matt Johnston <matt@ucc.asn.au> parents: 759 diff changeset	814 ses.session_id = buf_newcopy(ses.hash);
26 0969767bca0d snapshot of stuff Matt Johnston <matt@ucc.asn.au> parents: 22 diff changeset	815 }
0969767bca0d snapshot of stuff Matt Johnston <matt@ucc.asn.au> parents: 22 diff changeset	816 }
0969767bca0d snapshot of stuff Matt Johnston <matt@ucc.asn.au> parents: 22 diff changeset	817
0969767bca0d snapshot of stuff Matt Johnston <matt@ucc.asn.au> parents: 22 diff changeset	818 /* read the other side's algo list. buf_match_algo is a callback to match
0969767bca0d snapshot of stuff Matt Johnston <matt@ucc.asn.au> parents: 22 diff changeset	819 * algos for the client or server. */
33 f789045062e6 Progressing client support Matt Johnston <matt@ucc.asn.au> parents: 26 diff changeset	820 static void read_kex_algos() {
26 0969767bca0d snapshot of stuff Matt Johnston <matt@ucc.asn.au> parents: 22 diff changeset	821
36 a600c015562d Handle differing c2s and s2c algorithms properly Matt Johnston <matt@ucc.asn.au> parents: 35 diff changeset	822 /* for asymmetry */
a600c015562d Handle differing c2s and s2c algorithms properly Matt Johnston <matt@ucc.asn.au> parents: 35 diff changeset	823 algo_type * c2s_hash_algo = NULL;
a600c015562d Handle differing c2s and s2c algorithms properly Matt Johnston <matt@ucc.asn.au> parents: 35 diff changeset	824 algo_type * s2c_hash_algo = NULL;
a600c015562d Handle differing c2s and s2c algorithms properly Matt Johnston <matt@ucc.asn.au> parents: 35 diff changeset	825 algo_type * c2s_cipher_algo = NULL;
a600c015562d Handle differing c2s and s2c algorithms properly Matt Johnston <matt@ucc.asn.au> parents: 35 diff changeset	826 algo_type * s2c_cipher_algo = NULL;
a600c015562d Handle differing c2s and s2c algorithms properly Matt Johnston <matt@ucc.asn.au> parents: 35 diff changeset	827 algo_type * c2s_comp_algo = NULL;
a600c015562d Handle differing c2s and s2c algorithms properly Matt Johnston <matt@ucc.asn.au> parents: 35 diff changeset	828 algo_type * s2c_comp_algo = NULL;
a600c015562d Handle differing c2s and s2c algorithms properly Matt Johnston <matt@ucc.asn.au> parents: 35 diff changeset	829 /* the generic one */
a600c015562d Handle differing c2s and s2c algorithms properly Matt Johnston <matt@ucc.asn.au> parents: 35 diff changeset	830 algo_type * algo = NULL;
a600c015562d Handle differing c2s and s2c algorithms properly Matt Johnston <matt@ucc.asn.au> parents: 35 diff changeset	831
a600c015562d Handle differing c2s and s2c algorithms properly Matt Johnston <matt@ucc.asn.au> parents: 35 diff changeset	832 /* which algo couldn't match */
26 0969767bca0d snapshot of stuff Matt Johnston <matt@ucc.asn.au> parents: 22 diff changeset	833 char * erralgo = NULL;
0969767bca0d snapshot of stuff Matt Johnston <matt@ucc.asn.au> parents: 22 diff changeset	834
0969767bca0d snapshot of stuff Matt Johnston <matt@ucc.asn.au> parents: 22 diff changeset	835 int goodguess = 0;
0969767bca0d snapshot of stuff Matt Johnston <matt@ucc.asn.au> parents: 22 diff changeset	836 int allgood = 1; /* we AND this with each goodguess and see if its still
0969767bca0d snapshot of stuff Matt Johnston <matt@ucc.asn.au> parents: 22 diff changeset	837 true after */
1676 d5cdc60db08e ext-info handling for server-sig-algs Matt Johnston <matt@ucc.asn.au> parents: 1674 diff changeset	838 int kexguess2 = 0;
740 3062da90dab8 Add kexguess2 behaviour Matt Johnston <matt@ucc.asn.au> parents: 739 diff changeset	839
855 04ede40a529a - Some fixes for old compilers like tru64 v4 from Daniel Richard G. Matt Johnston <matt@ucc.asn.au> parents: 852 diff changeset	840 buf_incrpos(ses.payload, 16); /* start after the cookie */
04ede40a529a - Some fixes for old compilers like tru64 v4 from Daniel Richard G. Matt Johnston <matt@ucc.asn.au> parents: 852 diff changeset	841
04ede40a529a - Some fixes for old compilers like tru64 v4 from Daniel Richard G. Matt Johnston <matt@ucc.asn.au> parents: 852 diff changeset	842 memset(ses.newkeys, 0x0, sizeof(*ses.newkeys));
04ede40a529a - Some fixes for old compilers like tru64 v4 from Daniel Richard G. Matt Johnston <matt@ucc.asn.au> parents: 852 diff changeset	843
26 0969767bca0d snapshot of stuff Matt Johnston <matt@ucc.asn.au> parents: 22 diff changeset	844 /* kex_algorithms */
1676 d5cdc60db08e ext-info handling for server-sig-algs Matt Johnston <matt@ucc.asn.au> parents: 1674 diff changeset	845 #if DROPBEAR_KEXGUESS2
d5cdc60db08e ext-info handling for server-sig-algs Matt Johnston <matt@ucc.asn.au> parents: 1674 diff changeset	846 if (buf_has_algo(ses.payload, KEXGUESS2_ALGO_NAME) == DROPBEAR_SUCCESS) {
d5cdc60db08e ext-info handling for server-sig-algs Matt Johnston <matt@ucc.asn.au> parents: 1674 diff changeset	847 kexguess2 = 1;
d5cdc60db08e ext-info handling for server-sig-algs Matt Johnston <matt@ucc.asn.au> parents: 1674 diff changeset	848 }
d5cdc60db08e ext-info handling for server-sig-algs Matt Johnston <matt@ucc.asn.au> parents: 1674 diff changeset	849 #endif
d5cdc60db08e ext-info handling for server-sig-algs Matt Johnston <matt@ucc.asn.au> parents: 1674 diff changeset	850
1681 435cfb9ec96e send and handle SSH_MSG_EXT_INFO only at the correct point Matt Johnston <matt@ucc.asn.au> parents: 1678 diff changeset	851 #if DROPBEAR_EXT_INFO
1676 d5cdc60db08e ext-info handling for server-sig-algs Matt Johnston <matt@ucc.asn.au> parents: 1674 diff changeset	852 /* Determine if SSH_MSG_EXT_INFO messages should be sent.
1678 4b4cfc92c5b7 Make server send SSH_MSG_EXT_INFO Matt Johnston <matt@ucc.asn.au> parents: 1676 diff changeset	853 Should be done for the first key exchange. Only required on server side
4b4cfc92c5b7 Make server send SSH_MSG_EXT_INFO Matt Johnston <matt@ucc.asn.au> parents: 1676 diff changeset	854 for server-sig-algs */
4b4cfc92c5b7 Make server send SSH_MSG_EXT_INFO Matt Johnston <matt@ucc.asn.au> parents: 1676 diff changeset	855 if (IS_DROPBEAR_SERVER) {
4b4cfc92c5b7 Make server send SSH_MSG_EXT_INFO Matt Johnston <matt@ucc.asn.au> parents: 1676 diff changeset	856 if (!ses.kexstate.donefirstkex) {
1676 d5cdc60db08e ext-info handling for server-sig-algs Matt Johnston <matt@ucc.asn.au> parents: 1674 diff changeset	857 if (buf_has_algo(ses.payload, SSH_EXT_INFO_C) == DROPBEAR_SUCCESS) {
d5cdc60db08e ext-info handling for server-sig-algs Matt Johnston <matt@ucc.asn.au> parents: 1674 diff changeset	858 ses.allow_ext_info = 1;
d5cdc60db08e ext-info handling for server-sig-algs Matt Johnston <matt@ucc.asn.au> parents: 1674 diff changeset	859 }
d5cdc60db08e ext-info handling for server-sig-algs Matt Johnston <matt@ucc.asn.au> parents: 1674 diff changeset	860 }
d5cdc60db08e ext-info handling for server-sig-algs Matt Johnston <matt@ucc.asn.au> parents: 1674 diff changeset	861 }
1681 435cfb9ec96e send and handle SSH_MSG_EXT_INFO only at the correct point Matt Johnston <matt@ucc.asn.au> parents: 1678 diff changeset	862 #endif
1676 d5cdc60db08e ext-info handling for server-sig-algs Matt Johnston <matt@ucc.asn.au> parents: 1674 diff changeset	863
d5cdc60db08e ext-info handling for server-sig-algs Matt Johnston <matt@ucc.asn.au> parents: 1674 diff changeset	864 algo = buf_match_algo(ses.payload, sshkex, kexguess2, &goodguess);
26 0969767bca0d snapshot of stuff Matt Johnston <matt@ucc.asn.au> parents: 22 diff changeset	865 allgood &= goodguess;
1676 d5cdc60db08e ext-info handling for server-sig-algs Matt Johnston <matt@ucc.asn.au> parents: 1674 diff changeset	866 if (algo == NULL \|\| algo->data == NULL) {
d5cdc60db08e ext-info handling for server-sig-algs Matt Johnston <matt@ucc.asn.au> parents: 1674 diff changeset	867 /* kexguess2, ext-info-c, ext-info-s should not match negotiation */
26 0969767bca0d snapshot of stuff Matt Johnston <matt@ucc.asn.au> parents: 22 diff changeset	868 erralgo = "kex";
0969767bca0d snapshot of stuff Matt Johnston <matt@ucc.asn.au> parents: 22 diff changeset	869 goto error;
0969767bca0d snapshot of stuff Matt Johnston <matt@ucc.asn.au> parents: 22 diff changeset	870 }
740 3062da90dab8 Add kexguess2 behaviour Matt Johnston <matt@ucc.asn.au> parents: 739 diff changeset	871 TRACE(("kexguess2 %d", kexguess2))
1895 3bfacfc996cf changed TRACE to DEBUG2 for dbclient HansH111 <hans@atbas.org> parents: 1743 diff changeset	872 DEBUG3(("kex algo %s", algo->name))
756 bf9dc2d9c2b1 more bits on ecc branch Matt Johnston <matt@ucc.asn.au> parents: 755 diff changeset	873 ses.newkeys->algo_kex = algo->data;
26 0969767bca0d snapshot of stuff Matt Johnston <matt@ucc.asn.au> parents: 22 diff changeset	874
0969767bca0d snapshot of stuff Matt Johnston <matt@ucc.asn.au> parents: 22 diff changeset	875 /* server_host_key_algorithms */
1678 4b4cfc92c5b7 Make server send SSH_MSG_EXT_INFO Matt Johnston <matt@ucc.asn.au> parents: 1676 diff changeset	876 algo = buf_match_algo(ses.payload, sigalgs, kexguess2, &goodguess);
26 0969767bca0d snapshot of stuff Matt Johnston <matt@ucc.asn.au> parents: 22 diff changeset	877 allgood &= goodguess;
0969767bca0d snapshot of stuff Matt Johnston <matt@ucc.asn.au> parents: 22 diff changeset	878 if (algo == NULL) {
0969767bca0d snapshot of stuff Matt Johnston <matt@ucc.asn.au> parents: 22 diff changeset	879 erralgo = "hostkey";
0969767bca0d snapshot of stuff Matt Johnston <matt@ucc.asn.au> parents: 22 diff changeset	880 goto error;
0969767bca0d snapshot of stuff Matt Johnston <matt@ucc.asn.au> parents: 22 diff changeset	881 }
1895 3bfacfc996cf changed TRACE to DEBUG2 for dbclient HansH111 <hans@atbas.org> parents: 1743 diff changeset	882 DEBUG2(("hostkey algo %s", algo->name))
1674 ba6fc7afe1c5 use sigtype where appropriate Matt Johnston <matt@ucc.asn.au> parents: 1659 diff changeset	883 ses.newkeys->algo_signature = algo->val;
ba6fc7afe1c5 use sigtype where appropriate Matt Johnston <matt@ucc.asn.au> parents: 1659 diff changeset	884 ses.newkeys->algo_hostkey = signkey_type_from_signature(ses.newkeys->algo_signature);
26 0969767bca0d snapshot of stuff Matt Johnston <matt@ucc.asn.au> parents: 22 diff changeset	885
0969767bca0d snapshot of stuff Matt Johnston <matt@ucc.asn.au> parents: 22 diff changeset	886 /* encryption_algorithms_client_to_server */
1678 4b4cfc92c5b7 Make server send SSH_MSG_EXT_INFO Matt Johnston <matt@ucc.asn.au> parents: 1676 diff changeset	887 c2s_cipher_algo = buf_match_algo(ses.payload, sshciphers, 0, NULL);
116 2010f4119c1a Check for non-matching algos properly Matt Johnston <matt@ucc.asn.au> parents: 84 diff changeset	888 if (c2s_cipher_algo == NULL) {
26 0969767bca0d snapshot of stuff Matt Johnston <matt@ucc.asn.au> parents: 22 diff changeset	889 erralgo = "enc c->s";
0969767bca0d snapshot of stuff Matt Johnston <matt@ucc.asn.au> parents: 22 diff changeset	890 goto error;
0969767bca0d snapshot of stuff Matt Johnston <matt@ucc.asn.au> parents: 22 diff changeset	891 }
1895 3bfacfc996cf changed TRACE to DEBUG2 for dbclient HansH111 <hans@atbas.org> parents: 1743 diff changeset	892 DEBUG2(("enc c2s is %s", c2s_cipher_algo->name))
26 0969767bca0d snapshot of stuff Matt Johnston <matt@ucc.asn.au> parents: 22 diff changeset	893
0969767bca0d snapshot of stuff Matt Johnston <matt@ucc.asn.au> parents: 22 diff changeset	894 /* encryption_algorithms_server_to_client */
1678 4b4cfc92c5b7 Make server send SSH_MSG_EXT_INFO Matt Johnston <matt@ucc.asn.au> parents: 1676 diff changeset	895 s2c_cipher_algo = buf_match_algo(ses.payload, sshciphers, 0, NULL);
116 2010f4119c1a Check for non-matching algos properly Matt Johnston <matt@ucc.asn.au> parents: 84 diff changeset	896 if (s2c_cipher_algo == NULL) {
26 0969767bca0d snapshot of stuff Matt Johnston <matt@ucc.asn.au> parents: 22 diff changeset	897 erralgo = "enc s->c";
0969767bca0d snapshot of stuff Matt Johnston <matt@ucc.asn.au> parents: 22 diff changeset	898 goto error;
0969767bca0d snapshot of stuff Matt Johnston <matt@ucc.asn.au> parents: 22 diff changeset	899 }
1895 3bfacfc996cf changed TRACE to DEBUG2 for dbclient HansH111 <hans@atbas.org> parents: 1743 diff changeset	900 DEBUG2(("enc s2c is %s", s2c_cipher_algo->name))
26 0969767bca0d snapshot of stuff Matt Johnston <matt@ucc.asn.au> parents: 22 diff changeset	901
0969767bca0d snapshot of stuff Matt Johnston <matt@ucc.asn.au> parents: 22 diff changeset	902 /* mac_algorithms_client_to_server */
1678 4b4cfc92c5b7 Make server send SSH_MSG_EXT_INFO Matt Johnston <matt@ucc.asn.au> parents: 1676 diff changeset	903 c2s_hash_algo = buf_match_algo(ses.payload, sshhashes, 0, NULL);
1672 3a97f14c0235 Add Chacha20-Poly1305, AES128-GCM and AES256-GCM support (#93) Vladislav Grishenko <themiron@users.noreply.github.com> parents: 1659 diff changeset	904 #if DROPBEAR_AEAD_MODE
3a97f14c0235 Add Chacha20-Poly1305, AES128-GCM and AES256-GCM support (#93) Vladislav Grishenko <themiron@users.noreply.github.com> parents: 1659 diff changeset	905 if (((struct dropbear_cipher_mode*)c2s_cipher_algo->mode)->aead_crypt != NULL) {
3a97f14c0235 Add Chacha20-Poly1305, AES128-GCM and AES256-GCM support (#93) Vladislav Grishenko <themiron@users.noreply.github.com> parents: 1659 diff changeset	906 c2s_hash_algo = NULL;
3a97f14c0235 Add Chacha20-Poly1305, AES128-GCM and AES256-GCM support (#93) Vladislav Grishenko <themiron@users.noreply.github.com> parents: 1659 diff changeset	907 } else
3a97f14c0235 Add Chacha20-Poly1305, AES128-GCM and AES256-GCM support (#93) Vladislav Grishenko <themiron@users.noreply.github.com> parents: 1659 diff changeset	908 #endif
116 2010f4119c1a Check for non-matching algos properly Matt Johnston <matt@ucc.asn.au> parents: 84 diff changeset	909 if (c2s_hash_algo == NULL) {
26 0969767bca0d snapshot of stuff Matt Johnston <matt@ucc.asn.au> parents: 22 diff changeset	910 erralgo = "mac c->s";
0969767bca0d snapshot of stuff Matt Johnston <matt@ucc.asn.au> parents: 22 diff changeset	911 goto error;
0969767bca0d snapshot of stuff Matt Johnston <matt@ucc.asn.au> parents: 22 diff changeset	912 }
1895 3bfacfc996cf changed TRACE to DEBUG2 for dbclient HansH111 <hans@atbas.org> parents: 1743 diff changeset	913 DEBUG2(("hmac c2s is %s", c2s_hash_algo ? c2s_hash_algo->name : "<implicit>"))
26 0969767bca0d snapshot of stuff Matt Johnston <matt@ucc.asn.au> parents: 22 diff changeset	914
0969767bca0d snapshot of stuff Matt Johnston <matt@ucc.asn.au> parents: 22 diff changeset	915 /* mac_algorithms_server_to_client */
1678 4b4cfc92c5b7 Make server send SSH_MSG_EXT_INFO Matt Johnston <matt@ucc.asn.au> parents: 1676 diff changeset	916 s2c_hash_algo = buf_match_algo(ses.payload, sshhashes, 0, NULL);
1672 3a97f14c0235 Add Chacha20-Poly1305, AES128-GCM and AES256-GCM support (#93) Vladislav Grishenko <themiron@users.noreply.github.com> parents: 1659 diff changeset	917 #if DROPBEAR_AEAD_MODE
3a97f14c0235 Add Chacha20-Poly1305, AES128-GCM and AES256-GCM support (#93) Vladislav Grishenko <themiron@users.noreply.github.com> parents: 1659 diff changeset	918 if (((struct dropbear_cipher_mode*)s2c_cipher_algo->mode)->aead_crypt != NULL) {
3a97f14c0235 Add Chacha20-Poly1305, AES128-GCM and AES256-GCM support (#93) Vladislav Grishenko <themiron@users.noreply.github.com> parents: 1659 diff changeset	919 s2c_hash_algo = NULL;
3a97f14c0235 Add Chacha20-Poly1305, AES128-GCM and AES256-GCM support (#93) Vladislav Grishenko <themiron@users.noreply.github.com> parents: 1659 diff changeset	920 } else
3a97f14c0235 Add Chacha20-Poly1305, AES128-GCM and AES256-GCM support (#93) Vladislav Grishenko <themiron@users.noreply.github.com> parents: 1659 diff changeset	921 #endif
116 2010f4119c1a Check for non-matching algos properly Matt Johnston <matt@ucc.asn.au> parents: 84 diff changeset	922 if (s2c_hash_algo == NULL) {
26 0969767bca0d snapshot of stuff Matt Johnston <matt@ucc.asn.au> parents: 22 diff changeset	923 erralgo = "mac s->c";
0969767bca0d snapshot of stuff Matt Johnston <matt@ucc.asn.au> parents: 22 diff changeset	924 goto error;
0969767bca0d snapshot of stuff Matt Johnston <matt@ucc.asn.au> parents: 22 diff changeset	925 }
1895 3bfacfc996cf changed TRACE to DEBUG2 for dbclient HansH111 <hans@atbas.org> parents: 1743 diff changeset	926 DEBUG2(("hmac s2c is %s", s2c_hash_algo ? s2c_hash_algo->name : "<implicit>"))
26 0969767bca0d snapshot of stuff Matt Johnston <matt@ucc.asn.au> parents: 22 diff changeset	927
0969767bca0d snapshot of stuff Matt Johnston <matt@ucc.asn.au> parents: 22 diff changeset	928 /* compression_algorithms_client_to_server */
1678 4b4cfc92c5b7 Make server send SSH_MSG_EXT_INFO Matt Johnston <matt@ucc.asn.au> parents: 1676 diff changeset	929 c2s_comp_algo = buf_match_algo(ses.payload, ses.compress_algos, 0, NULL);
116 2010f4119c1a Check for non-matching algos properly Matt Johnston <matt@ucc.asn.au> parents: 84 diff changeset	930 if (c2s_comp_algo == NULL) {
26 0969767bca0d snapshot of stuff Matt Johnston <matt@ucc.asn.au> parents: 22 diff changeset	931 erralgo = "comp c->s";
0969767bca0d snapshot of stuff Matt Johnston <matt@ucc.asn.au> parents: 22 diff changeset	932 goto error;
0969767bca0d snapshot of stuff Matt Johnston <matt@ucc.asn.au> parents: 22 diff changeset	933 }
1895 3bfacfc996cf changed TRACE to DEBUG2 for dbclient HansH111 <hans@atbas.org> parents: 1743 diff changeset	934 DEBUG2(("comp c2s is %s", c2s_comp_algo->name))
26 0969767bca0d snapshot of stuff Matt Johnston <matt@ucc.asn.au> parents: 22 diff changeset	935
0969767bca0d snapshot of stuff Matt Johnston <matt@ucc.asn.au> parents: 22 diff changeset	936 /* compression_algorithms_server_to_client */
1678 4b4cfc92c5b7 Make server send SSH_MSG_EXT_INFO Matt Johnston <matt@ucc.asn.au> parents: 1676 diff changeset	937 s2c_comp_algo = buf_match_algo(ses.payload, ses.compress_algos, 0, NULL);
116 2010f4119c1a Check for non-matching algos properly Matt Johnston <matt@ucc.asn.au> parents: 84 diff changeset	938 if (s2c_comp_algo == NULL) {
26 0969767bca0d snapshot of stuff Matt Johnston <matt@ucc.asn.au> parents: 22 diff changeset	939 erralgo = "comp s->c";
0969767bca0d snapshot of stuff Matt Johnston <matt@ucc.asn.au> parents: 22 diff changeset	940 goto error;
0969767bca0d snapshot of stuff Matt Johnston <matt@ucc.asn.au> parents: 22 diff changeset	941 }
1895 3bfacfc996cf changed TRACE to DEBUG2 for dbclient HansH111 <hans@atbas.org> parents: 1743 diff changeset	942 DEBUG2(("comp s2c is %s", s2c_comp_algo->name))
26 0969767bca0d snapshot of stuff Matt Johnston <matt@ucc.asn.au> parents: 22 diff changeset	943
0969767bca0d snapshot of stuff Matt Johnston <matt@ucc.asn.au> parents: 22 diff changeset	944 /* languages_client_to_server */
0969767bca0d snapshot of stuff Matt Johnston <matt@ucc.asn.au> parents: 22 diff changeset	945 buf_eatstring(ses.payload);
0969767bca0d snapshot of stuff Matt Johnston <matt@ucc.asn.au> parents: 22 diff changeset	946
0969767bca0d snapshot of stuff Matt Johnston <matt@ucc.asn.au> parents: 22 diff changeset	947 /* languages_server_to_client */
0969767bca0d snapshot of stuff Matt Johnston <matt@ucc.asn.au> parents: 22 diff changeset	948 buf_eatstring(ses.payload);
0969767bca0d snapshot of stuff Matt Johnston <matt@ucc.asn.au> parents: 22 diff changeset	949
739 d44325108d0e first_kex_packet_follows working, needs tidying Matt Johnston <matt@ucc.asn.au> parents: 712 diff changeset	950 /* their first_kex_packet_follows */
179 161557a9dde8 * fix longstanding bug with connections being closed on failure to Matt Johnston <matt@ucc.asn.au> parents: 165 diff changeset	951 if (buf_getbool(ses.payload)) {
739 d44325108d0e first_kex_packet_follows working, needs tidying Matt Johnston <matt@ucc.asn.au> parents: 712 diff changeset	952 TRACE(("them kex firstfollows. allgood %d", allgood))
d44325108d0e first_kex_packet_follows working, needs tidying Matt Johnston <matt@ucc.asn.au> parents: 712 diff changeset	953 ses.kexstate.them_firstfollows = 1;
26 0969767bca0d snapshot of stuff Matt Johnston <matt@ucc.asn.au> parents: 22 diff changeset	954 /* if the guess wasn't good, we ignore the packet sent */
0969767bca0d snapshot of stuff Matt Johnston <matt@ucc.asn.au> parents: 22 diff changeset	955 if (!allgood) {
0969767bca0d snapshot of stuff Matt Johnston <matt@ucc.asn.au> parents: 22 diff changeset	956 ses.ignorenext = 1;
0969767bca0d snapshot of stuff Matt Johnston <matt@ucc.asn.au> parents: 22 diff changeset	957 }
0969767bca0d snapshot of stuff Matt Johnston <matt@ucc.asn.au> parents: 22 diff changeset	958 }
0969767bca0d snapshot of stuff Matt Johnston <matt@ucc.asn.au> parents: 22 diff changeset	959
36 a600c015562d Handle differing c2s and s2c algorithms properly Matt Johnston <matt@ucc.asn.au> parents: 35 diff changeset	960 /* Handle the asymmetry */
a600c015562d Handle differing c2s and s2c algorithms properly Matt Johnston <matt@ucc.asn.au> parents: 35 diff changeset	961 if (IS_DROPBEAR_CLIENT) {
534 0431915df79f - Get rid of decryptreadbuf, just decrypt in-place with readbuf Matt Johnston <matt@ucc.asn.au> parents: 502 diff changeset	962 ses.newkeys->recv.algo_crypt =
36 a600c015562d Handle differing c2s and s2c algorithms properly Matt Johnston <matt@ucc.asn.au> parents: 35 diff changeset	963 (struct dropbear_cipher*)s2c_cipher_algo->data;
534 0431915df79f - Get rid of decryptreadbuf, just decrypt in-place with readbuf Matt Johnston <matt@ucc.asn.au> parents: 502 diff changeset	964 ses.newkeys->trans.algo_crypt =
36 a600c015562d Handle differing c2s and s2c algorithms properly Matt Johnston <matt@ucc.asn.au> parents: 35 diff changeset	965 (struct dropbear_cipher*)c2s_cipher_algo->data;
534 0431915df79f - Get rid of decryptreadbuf, just decrypt in-place with readbuf Matt Johnston <matt@ucc.asn.au> parents: 502 diff changeset	966 ses.newkeys->recv.crypt_mode =
502 43bbe17d6ba0 - Add Counter Mode support Matt Johnston <matt@ucc.asn.au> parents: 501 diff changeset	967 (struct dropbear_cipher_mode*)s2c_cipher_algo->mode;
534 0431915df79f - Get rid of decryptreadbuf, just decrypt in-place with readbuf Matt Johnston <matt@ucc.asn.au> parents: 502 diff changeset	968 ses.newkeys->trans.crypt_mode =
502 43bbe17d6ba0 - Add Counter Mode support Matt Johnston <matt@ucc.asn.au> parents: 501 diff changeset	969 (struct dropbear_cipher_mode*)c2s_cipher_algo->mode;
534 0431915df79f - Get rid of decryptreadbuf, just decrypt in-place with readbuf Matt Johnston <matt@ucc.asn.au> parents: 502 diff changeset	970 ses.newkeys->recv.algo_mac =
1672 3a97f14c0235 Add Chacha20-Poly1305, AES128-GCM and AES256-GCM support (#93) Vladislav Grishenko <themiron@users.noreply.github.com> parents: 1659 diff changeset	971 #if DROPBEAR_AEAD_MODE
3a97f14c0235 Add Chacha20-Poly1305, AES128-GCM and AES256-GCM support (#93) Vladislav Grishenko <themiron@users.noreply.github.com> parents: 1659 diff changeset	972 s2c_hash_algo == NULL ? ses.newkeys->recv.crypt_mode->aead_mac :
3a97f14c0235 Add Chacha20-Poly1305, AES128-GCM and AES256-GCM support (#93) Vladislav Grishenko <themiron@users.noreply.github.com> parents: 1659 diff changeset	973 #endif
36 a600c015562d Handle differing c2s and s2c algorithms properly Matt Johnston <matt@ucc.asn.au> parents: 35 diff changeset	974 (struct dropbear_hash*)s2c_hash_algo->data;
534 0431915df79f - Get rid of decryptreadbuf, just decrypt in-place with readbuf Matt Johnston <matt@ucc.asn.au> parents: 502 diff changeset	975 ses.newkeys->trans.algo_mac =
1672 3a97f14c0235 Add Chacha20-Poly1305, AES128-GCM and AES256-GCM support (#93) Vladislav Grishenko <themiron@users.noreply.github.com> parents: 1659 diff changeset	976 #if DROPBEAR_AEAD_MODE
3a97f14c0235 Add Chacha20-Poly1305, AES128-GCM and AES256-GCM support (#93) Vladislav Grishenko <themiron@users.noreply.github.com> parents: 1659 diff changeset	977 c2s_hash_algo == NULL ? ses.newkeys->trans.crypt_mode->aead_mac :
3a97f14c0235 Add Chacha20-Poly1305, AES128-GCM and AES256-GCM support (#93) Vladislav Grishenko <themiron@users.noreply.github.com> parents: 1659 diff changeset	978 #endif
36 a600c015562d Handle differing c2s and s2c algorithms properly Matt Johnston <matt@ucc.asn.au> parents: 35 diff changeset	979 (struct dropbear_hash*)c2s_hash_algo->data;
534 0431915df79f - Get rid of decryptreadbuf, just decrypt in-place with readbuf Matt Johnston <matt@ucc.asn.au> parents: 502 diff changeset	980 ses.newkeys->recv.algo_comp = s2c_comp_algo->val;
0431915df79f - Get rid of decryptreadbuf, just decrypt in-place with readbuf Matt Johnston <matt@ucc.asn.au> parents: 502 diff changeset	981 ses.newkeys->trans.algo_comp = c2s_comp_algo->val;
36 a600c015562d Handle differing c2s and s2c algorithms properly Matt Johnston <matt@ucc.asn.au> parents: 35 diff changeset	982 } else {
a600c015562d Handle differing c2s and s2c algorithms properly Matt Johnston <matt@ucc.asn.au> parents: 35 diff changeset	983 /* SERVER */
534 0431915df79f - Get rid of decryptreadbuf, just decrypt in-place with readbuf Matt Johnston <matt@ucc.asn.au> parents: 502 diff changeset	984 ses.newkeys->recv.algo_crypt =
36 a600c015562d Handle differing c2s and s2c algorithms properly Matt Johnston <matt@ucc.asn.au> parents: 35 diff changeset	985 (struct dropbear_cipher*)c2s_cipher_algo->data;
534 0431915df79f - Get rid of decryptreadbuf, just decrypt in-place with readbuf Matt Johnston <matt@ucc.asn.au> parents: 502 diff changeset	986 ses.newkeys->trans.algo_crypt =
36 a600c015562d Handle differing c2s and s2c algorithms properly Matt Johnston <matt@ucc.asn.au> parents: 35 diff changeset	987 (struct dropbear_cipher*)s2c_cipher_algo->data;
534 0431915df79f - Get rid of decryptreadbuf, just decrypt in-place with readbuf Matt Johnston <matt@ucc.asn.au> parents: 502 diff changeset	988 ses.newkeys->recv.crypt_mode =
502 43bbe17d6ba0 - Add Counter Mode support Matt Johnston <matt@ucc.asn.au> parents: 501 diff changeset	989 (struct dropbear_cipher_mode*)c2s_cipher_algo->mode;
534 0431915df79f - Get rid of decryptreadbuf, just decrypt in-place with readbuf Matt Johnston <matt@ucc.asn.au> parents: 502 diff changeset	990 ses.newkeys->trans.crypt_mode =
502 43bbe17d6ba0 - Add Counter Mode support Matt Johnston <matt@ucc.asn.au> parents: 501 diff changeset	991 (struct dropbear_cipher_mode*)s2c_cipher_algo->mode;
534 0431915df79f - Get rid of decryptreadbuf, just decrypt in-place with readbuf Matt Johnston <matt@ucc.asn.au> parents: 502 diff changeset	992 ses.newkeys->recv.algo_mac =
1672 3a97f14c0235 Add Chacha20-Poly1305, AES128-GCM and AES256-GCM support (#93) Vladislav Grishenko <themiron@users.noreply.github.com> parents: 1659 diff changeset	993 #if DROPBEAR_AEAD_MODE
3a97f14c0235 Add Chacha20-Poly1305, AES128-GCM and AES256-GCM support (#93) Vladislav Grishenko <themiron@users.noreply.github.com> parents: 1659 diff changeset	994 c2s_hash_algo == NULL ? ses.newkeys->recv.crypt_mode->aead_mac :
3a97f14c0235 Add Chacha20-Poly1305, AES128-GCM and AES256-GCM support (#93) Vladislav Grishenko <themiron@users.noreply.github.com> parents: 1659 diff changeset	995 #endif
36 a600c015562d Handle differing c2s and s2c algorithms properly Matt Johnston <matt@ucc.asn.au> parents: 35 diff changeset	996 (struct dropbear_hash*)c2s_hash_algo->data;
534 0431915df79f - Get rid of decryptreadbuf, just decrypt in-place with readbuf Matt Johnston <matt@ucc.asn.au> parents: 502 diff changeset	997 ses.newkeys->trans.algo_mac =
1672 3a97f14c0235 Add Chacha20-Poly1305, AES128-GCM and AES256-GCM support (#93) Vladislav Grishenko <themiron@users.noreply.github.com> parents: 1659 diff changeset	998 #if DROPBEAR_AEAD_MODE
3a97f14c0235 Add Chacha20-Poly1305, AES128-GCM and AES256-GCM support (#93) Vladislav Grishenko <themiron@users.noreply.github.com> parents: 1659 diff changeset	999 s2c_hash_algo == NULL ? ses.newkeys->trans.crypt_mode->aead_mac :
3a97f14c0235 Add Chacha20-Poly1305, AES128-GCM and AES256-GCM support (#93) Vladislav Grishenko <themiron@users.noreply.github.com> parents: 1659 diff changeset	1000 #endif
36 a600c015562d Handle differing c2s and s2c algorithms properly Matt Johnston <matt@ucc.asn.au> parents: 35 diff changeset	1001 (struct dropbear_hash*)s2c_hash_algo->data;
534 0431915df79f - Get rid of decryptreadbuf, just decrypt in-place with readbuf Matt Johnston <matt@ucc.asn.au> parents: 502 diff changeset	1002 ses.newkeys->recv.algo_comp = c2s_comp_algo->val;
0431915df79f - Get rid of decryptreadbuf, just decrypt in-place with readbuf Matt Johnston <matt@ucc.asn.au> parents: 502 diff changeset	1003 ses.newkeys->trans.algo_comp = s2c_comp_algo->val;
36 a600c015562d Handle differing c2s and s2c algorithms properly Matt Johnston <matt@ucc.asn.au> parents: 35 diff changeset	1004 }
a600c015562d Handle differing c2s and s2c algorithms properly Matt Johnston <matt@ucc.asn.au> parents: 35 diff changeset	1005
1558 2f64cb3d3007 - #if not #ifdef for DROPBEAR_FUZZ Matt Johnston <matt@ucc.asn.au> parents: 1511 diff changeset	1006 #if DROPBEAR_FUZZ
1357 08f4fa4dc6a0 closer to working Matt Johnston <matt@ucc.asn.au> parents: 1355 diff changeset	1007 if (fuzz.fuzzing) {
08f4fa4dc6a0 closer to working Matt Johnston <matt@ucc.asn.au> parents: 1355 diff changeset	1008 fuzz_kex_fakealgos();
08f4fa4dc6a0 closer to working Matt Johnston <matt@ucc.asn.au> parents: 1355 diff changeset	1009 }
1347 b28624698130 copy over some fuzzing code from AFL branch Matt Johnston <matt@ucc.asn.au> parents: 1276 diff changeset	1010 #endif
b28624698130 copy over some fuzzing code from AFL branch Matt Johnston <matt@ucc.asn.au> parents: 1276 diff changeset	1011
26 0969767bca0d snapshot of stuff Matt Johnston <matt@ucc.asn.au> parents: 22 diff changeset	1012 /* reserved for future extensions */
0969767bca0d snapshot of stuff Matt Johnston <matt@ucc.asn.au> parents: 22 diff changeset	1013 buf_getint(ses.payload);
739 d44325108d0e first_kex_packet_follows working, needs tidying Matt Johnston <matt@ucc.asn.au> parents: 712 diff changeset	1014
d44325108d0e first_kex_packet_follows working, needs tidying Matt Johnston <matt@ucc.asn.au> parents: 712 diff changeset	1015 if (ses.send_kex_first_guess && allgood) {
d44325108d0e first_kex_packet_follows working, needs tidying Matt Johnston <matt@ucc.asn.au> parents: 712 diff changeset	1016 TRACE(("our_first_follows_matches 1"))
d44325108d0e first_kex_packet_follows working, needs tidying Matt Johnston <matt@ucc.asn.au> parents: 712 diff changeset	1017 ses.kexstate.our_first_follows_matches = 1;
d44325108d0e first_kex_packet_follows working, needs tidying Matt Johnston <matt@ucc.asn.au> parents: 712 diff changeset	1018 }
26 0969767bca0d snapshot of stuff Matt Johnston <matt@ucc.asn.au> parents: 22 diff changeset	1019 return;
0969767bca0d snapshot of stuff Matt Johnston <matt@ucc.asn.au> parents: 22 diff changeset	1020
0969767bca0d snapshot of stuff Matt Johnston <matt@ucc.asn.au> parents: 22 diff changeset	1021 error:
594 a98a2138364a Improve capitalisation for all logged strings Matt Johnston <matt@ucc.asn.au> parents: 575 diff changeset	1022 dropbear_exit("No matching algo %s", erralgo);
26 0969767bca0d snapshot of stuff Matt Johnston <matt@ucc.asn.au> parents: 22 diff changeset	1023 }

Mercurial > dropbear

annotate common-kex.c @ 1902:4a6725ac957c