Mercurial > dropbear
annotate common-kex.c @ 1743:7d8462677355 fuzz
Disallow extra kexinit messages
author | Matt Johnston <matt@ucc.asn.au> |
---|---|
date | Sun, 18 Oct 2020 22:17:54 +0800 |
parents | 8f93f37c01de |
children | 3bfacfc996cf |
rev | line source |
---|---|
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1 /* |
74
e3adf4cf5465
License boilerplate etc, add Mihnea as an author to some of the files
Matt Johnston <matt@ucc.asn.au>
parents:
36
diff
changeset
|
2 * Dropbear SSH |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
3 * |
33 | 4 * Copyright (c) 2002-2004 Matt Johnston |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
5 * Portions Copyright (c) 2004 by Mihnea Stoenescu |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
6 * All rights reserved. |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
7 * |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
8 * Permission is hereby granted, free of charge, to any person obtaining a copy |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
9 * of this software and associated documentation files (the "Software"), to deal |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
10 * in the Software without restriction, including without limitation the rights |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
11 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
12 * copies of the Software, and to permit persons to whom the Software is |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
13 * furnished to do so, subject to the following conditions: |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
14 * |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
15 * The above copyright notice and this permission notice shall be included in |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
16 * all copies or substantial portions of the Software. |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
17 * |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
18 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
19 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
20 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
21 * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
22 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
23 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
24 * SOFTWARE. */ |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
25 |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
26 #include "includes.h" |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
27 #include "dbutil.h" |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
28 #include "algo.h" |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
29 #include "buffer.h" |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
30 #include "session.h" |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
31 #include "kex.h" |
1224
82e2037d34ea
Move dh group constants to a separate file
Matt Johnston <matt@ucc.asn.au>
parents:
1175
diff
changeset
|
32 #include "dh_groups.h" |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
33 #include "ssh.h" |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
34 #include "packet.h" |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
35 #include "bignum.h" |
858
220f55d540ae
rename random.h to dbrandom.h since some OSes have a system random.h
Matt Johnston <matt@ucc.asn.au>
parents:
857
diff
changeset
|
36 #include "dbrandom.h" |
575
f9b5dc0cba61
- Disable compression for non-final multihops
Matt Johnston <matt@ucc.asn.au>
parents:
555
diff
changeset
|
37 #include "runopts.h" |
759
76fba0856749
More changes for KEX and ECDH. Set up hash descriptors, make ECC code work,
Matt Johnston <matt@ucc.asn.au>
parents:
757
diff
changeset
|
38 #include "ecc.h" |
1659
d32bcb5c557d
Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
1607
diff
changeset
|
39 #include "curve25519.h" |
766 | 40 #include "crypto_desc.h" |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
41 |
1276
9169e4e7cbee
fix empty C prototypes
Francois Perrad <francois.perrad@gadz.org>
parents:
1251
diff
changeset
|
42 static void kexinitialise(void); |
9169e4e7cbee
fix empty C prototypes
Francois Perrad <francois.perrad@gadz.org>
parents:
1251
diff
changeset
|
43 static void gen_new_keys(void); |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
44 #ifndef DISABLE_ZLIB |
1276
9169e4e7cbee
fix empty C prototypes
Francois Perrad <francois.perrad@gadz.org>
parents:
1251
diff
changeset
|
45 static void gen_new_zstream_recv(void); |
9169e4e7cbee
fix empty C prototypes
Francois Perrad <francois.perrad@gadz.org>
parents:
1251
diff
changeset
|
46 static void gen_new_zstream_trans(void); |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
47 #endif |
1276
9169e4e7cbee
fix empty C prototypes
Francois Perrad <francois.perrad@gadz.org>
parents:
1251
diff
changeset
|
48 static void read_kex_algos(void); |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
49 /* helper function for gen_new_keys */ |
762
a78a38e402d1
- Fix various hardcoded uses of SHA1
Matt Johnston <matt@ucc.asn.au>
parents:
761
diff
changeset
|
50 static void hashkeys(unsigned char *out, unsigned int outlen, |
a78a38e402d1
- Fix various hardcoded uses of SHA1
Matt Johnston <matt@ucc.asn.au>
parents:
761
diff
changeset
|
51 const hash_state * hs, const unsigned char X); |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
52 |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
53 |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
54 /* Send our list of algorithms we can use */ |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
55 void send_msg_kexinit() { |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
56 |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
57 CHECKCLEARTOWRITE(); |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
58 buf_putbyte(ses.writepayload, SSH_MSG_KEXINIT); |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
59 |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
60 /* cookie */ |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
61 genrandom(buf_getwriteptr(ses.writepayload, 16), 16); |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
62 buf_incrwritepos(ses.writepayload, 16); |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
63 |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
64 /* kex algos */ |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
65 buf_put_algolist(ses.writepayload, sshkex); |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
66 |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
67 /* server_host_key_algorithms */ |
1678
4b4cfc92c5b7
Make server send SSH_MSG_EXT_INFO
Matt Johnston <matt@ucc.asn.au>
parents:
1676
diff
changeset
|
68 buf_put_algolist(ses.writepayload, sigalgs); |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
69 |
683
63f8d6c469cf
ENABLE_USER_ALGO_LIST should work for the client
Matt Johnston <matt@ucc.asn.au>
parents:
682
diff
changeset
|
70 /* encryption_algorithms_client_to_server */ |
63f8d6c469cf
ENABLE_USER_ALGO_LIST should work for the client
Matt Johnston <matt@ucc.asn.au>
parents:
682
diff
changeset
|
71 buf_put_algolist(ses.writepayload, sshciphers); |
63f8d6c469cf
ENABLE_USER_ALGO_LIST should work for the client
Matt Johnston <matt@ucc.asn.au>
parents:
682
diff
changeset
|
72 |
63f8d6c469cf
ENABLE_USER_ALGO_LIST should work for the client
Matt Johnston <matt@ucc.asn.au>
parents:
682
diff
changeset
|
73 /* encryption_algorithms_server_to_client */ |
63f8d6c469cf
ENABLE_USER_ALGO_LIST should work for the client
Matt Johnston <matt@ucc.asn.au>
parents:
682
diff
changeset
|
74 buf_put_algolist(ses.writepayload, sshciphers); |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
75 |
683
63f8d6c469cf
ENABLE_USER_ALGO_LIST should work for the client
Matt Johnston <matt@ucc.asn.au>
parents:
682
diff
changeset
|
76 /* mac_algorithms_client_to_server */ |
63f8d6c469cf
ENABLE_USER_ALGO_LIST should work for the client
Matt Johnston <matt@ucc.asn.au>
parents:
682
diff
changeset
|
77 buf_put_algolist(ses.writepayload, sshhashes); |
63f8d6c469cf
ENABLE_USER_ALGO_LIST should work for the client
Matt Johnston <matt@ucc.asn.au>
parents:
682
diff
changeset
|
78 |
63f8d6c469cf
ENABLE_USER_ALGO_LIST should work for the client
Matt Johnston <matt@ucc.asn.au>
parents:
682
diff
changeset
|
79 /* mac_algorithms_server_to_client */ |
63f8d6c469cf
ENABLE_USER_ALGO_LIST should work for the client
Matt Johnston <matt@ucc.asn.au>
parents:
682
diff
changeset
|
80 buf_put_algolist(ses.writepayload, sshhashes); |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
81 |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
82 |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
83 /* compression_algorithms_client_to_server */ |
575
f9b5dc0cba61
- Disable compression for non-final multihops
Matt Johnston <matt@ucc.asn.au>
parents:
555
diff
changeset
|
84 buf_put_algolist(ses.writepayload, ses.compress_algos); |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
85 |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
86 /* compression_algorithms_server_to_client */ |
575
f9b5dc0cba61
- Disable compression for non-final multihops
Matt Johnston <matt@ucc.asn.au>
parents:
555
diff
changeset
|
87 buf_put_algolist(ses.writepayload, ses.compress_algos); |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
88 |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
89 /* languages_client_to_server */ |
1122
aaf576b27a10
Merge pull request #13 from gazoo74/fix-warnings
Matt Johnston <matt@ucc.asn.au>
parents:
1108
diff
changeset
|
90 buf_putstring(ses.writepayload, "", 0); |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
91 |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
92 /* languages_server_to_client */ |
1122
aaf576b27a10
Merge pull request #13 from gazoo74/fix-warnings
Matt Johnston <matt@ucc.asn.au>
parents:
1108
diff
changeset
|
93 buf_putstring(ses.writepayload, "", 0); |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
94 |
739
d44325108d0e
first_kex_packet_follows working, needs tidying
Matt Johnston <matt@ucc.asn.au>
parents:
712
diff
changeset
|
95 /* first_kex_packet_follows */ |
d44325108d0e
first_kex_packet_follows working, needs tidying
Matt Johnston <matt@ucc.asn.au>
parents:
712
diff
changeset
|
96 buf_putbyte(ses.writepayload, (ses.send_kex_first_guess != NULL)); |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
97 |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
98 /* reserved unit32 */ |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
99 buf_putint(ses.writepayload, 0); |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
100 |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
101 /* set up transmitted kex packet buffer for hashing. |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
102 * This is freed after the end of the kex */ |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
103 ses.transkexinit = buf_newcopy(ses.writepayload); |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
104 |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
105 encrypt_packet(); |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
106 ses.dataallowed = 0; /* don't send other packets during kex */ |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
107 |
739
d44325108d0e
first_kex_packet_follows working, needs tidying
Matt Johnston <matt@ucc.asn.au>
parents:
712
diff
changeset
|
108 ses.kexstate.sentkexinit = 1; |
d44325108d0e
first_kex_packet_follows working, needs tidying
Matt Johnston <matt@ucc.asn.au>
parents:
712
diff
changeset
|
109 |
d44325108d0e
first_kex_packet_follows working, needs tidying
Matt Johnston <matt@ucc.asn.au>
parents:
712
diff
changeset
|
110 ses.newkeys = (struct key_context*)m_malloc(sizeof(struct key_context)); |
d44325108d0e
first_kex_packet_follows working, needs tidying
Matt Johnston <matt@ucc.asn.au>
parents:
712
diff
changeset
|
111 |
d44325108d0e
first_kex_packet_follows working, needs tidying
Matt Johnston <matt@ucc.asn.au>
parents:
712
diff
changeset
|
112 if (ses.send_kex_first_guess) { |
1678
4b4cfc92c5b7
Make server send SSH_MSG_EXT_INFO
Matt Johnston <matt@ucc.asn.au>
parents:
1676
diff
changeset
|
113 ses.newkeys->algo_kex = first_usable_algo(sshkex)->data; |
4b4cfc92c5b7
Make server send SSH_MSG_EXT_INFO
Matt Johnston <matt@ucc.asn.au>
parents:
1676
diff
changeset
|
114 ses.newkeys->algo_signature = first_usable_algo(sigalgs)->val; |
1674
ba6fc7afe1c5
use sigtype where appropriate
Matt Johnston <matt@ucc.asn.au>
parents:
1659
diff
changeset
|
115 ses.newkeys->algo_hostkey = signkey_type_from_signature(ses.newkeys->algo_signature); |
739
d44325108d0e
first_kex_packet_follows working, needs tidying
Matt Johnston <matt@ucc.asn.au>
parents:
712
diff
changeset
|
116 ses.send_kex_first_guess(); |
d44325108d0e
first_kex_packet_follows working, needs tidying
Matt Johnston <matt@ucc.asn.au>
parents:
712
diff
changeset
|
117 } |
d44325108d0e
first_kex_packet_follows working, needs tidying
Matt Johnston <matt@ucc.asn.au>
parents:
712
diff
changeset
|
118 |
165
0cfba3034be5
Fixed DEBUG_TRACE macro so that we don't get semicolons left about the place
Matt Johnston <matt@ucc.asn.au>
parents:
116
diff
changeset
|
119 TRACE(("DATAALLOWED=0")) |
0cfba3034be5
Fixed DEBUG_TRACE macro so that we don't get semicolons left about the place
Matt Johnston <matt@ucc.asn.au>
parents:
116
diff
changeset
|
120 TRACE(("-> KEXINIT")) |
739
d44325108d0e
first_kex_packet_follows working, needs tidying
Matt Johnston <matt@ucc.asn.au>
parents:
712
diff
changeset
|
121 |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
122 } |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
123 |
771 | 124 static void switch_keys() { |
753
d63ef1e211ea
Take transmit and receive keys into use separately
Matt Johnston <matt@ucc.asn.au>
parents:
746
diff
changeset
|
125 TRACE2(("enter switch_keys")) |
d63ef1e211ea
Take transmit and receive keys into use separately
Matt Johnston <matt@ucc.asn.au>
parents:
746
diff
changeset
|
126 if (!(ses.kexstate.sentkexinit && ses.kexstate.recvkexinit)) { |
d63ef1e211ea
Take transmit and receive keys into use separately
Matt Johnston <matt@ucc.asn.au>
parents:
746
diff
changeset
|
127 dropbear_exit("Unexpected newkeys message"); |
d63ef1e211ea
Take transmit and receive keys into use separately
Matt Johnston <matt@ucc.asn.au>
parents:
746
diff
changeset
|
128 } |
d63ef1e211ea
Take transmit and receive keys into use separately
Matt Johnston <matt@ucc.asn.au>
parents:
746
diff
changeset
|
129 |
d63ef1e211ea
Take transmit and receive keys into use separately
Matt Johnston <matt@ucc.asn.au>
parents:
746
diff
changeset
|
130 if (!ses.keys) { |
d63ef1e211ea
Take transmit and receive keys into use separately
Matt Johnston <matt@ucc.asn.au>
parents:
746
diff
changeset
|
131 ses.keys = m_malloc(sizeof(*ses.newkeys)); |
d63ef1e211ea
Take transmit and receive keys into use separately
Matt Johnston <matt@ucc.asn.au>
parents:
746
diff
changeset
|
132 } |
d63ef1e211ea
Take transmit and receive keys into use separately
Matt Johnston <matt@ucc.asn.au>
parents:
746
diff
changeset
|
133 if (ses.kexstate.recvnewkeys && ses.newkeys->recv.valid) { |
d63ef1e211ea
Take transmit and receive keys into use separately
Matt Johnston <matt@ucc.asn.au>
parents:
746
diff
changeset
|
134 TRACE(("switch_keys recv")) |
781
f110d321fe7a
Fix build when zlib is disabled, from
Matt Johnston <matt@ucc.asn.au>
parents:
775
diff
changeset
|
135 #ifndef DISABLE_ZLIB |
771 | 136 gen_new_zstream_recv(); |
781
f110d321fe7a
Fix build when zlib is disabled, from
Matt Johnston <matt@ucc.asn.au>
parents:
775
diff
changeset
|
137 #endif |
753
d63ef1e211ea
Take transmit and receive keys into use separately
Matt Johnston <matt@ucc.asn.au>
parents:
746
diff
changeset
|
138 ses.keys->recv = ses.newkeys->recv; |
d63ef1e211ea
Take transmit and receive keys into use separately
Matt Johnston <matt@ucc.asn.au>
parents:
746
diff
changeset
|
139 m_burn(&ses.newkeys->recv, sizeof(ses.newkeys->recv)); |
d63ef1e211ea
Take transmit and receive keys into use separately
Matt Johnston <matt@ucc.asn.au>
parents:
746
diff
changeset
|
140 ses.newkeys->recv.valid = 0; |
d63ef1e211ea
Take transmit and receive keys into use separately
Matt Johnston <matt@ucc.asn.au>
parents:
746
diff
changeset
|
141 } |
d63ef1e211ea
Take transmit and receive keys into use separately
Matt Johnston <matt@ucc.asn.au>
parents:
746
diff
changeset
|
142 if (ses.kexstate.sentnewkeys && ses.newkeys->trans.valid) { |
d63ef1e211ea
Take transmit and receive keys into use separately
Matt Johnston <matt@ucc.asn.au>
parents:
746
diff
changeset
|
143 TRACE(("switch_keys trans")) |
781
f110d321fe7a
Fix build when zlib is disabled, from
Matt Johnston <matt@ucc.asn.au>
parents:
775
diff
changeset
|
144 #ifndef DISABLE_ZLIB |
771 | 145 gen_new_zstream_trans(); |
781
f110d321fe7a
Fix build when zlib is disabled, from
Matt Johnston <matt@ucc.asn.au>
parents:
775
diff
changeset
|
146 #endif |
753
d63ef1e211ea
Take transmit and receive keys into use separately
Matt Johnston <matt@ucc.asn.au>
parents:
746
diff
changeset
|
147 ses.keys->trans = ses.newkeys->trans; |
d63ef1e211ea
Take transmit and receive keys into use separately
Matt Johnston <matt@ucc.asn.au>
parents:
746
diff
changeset
|
148 m_burn(&ses.newkeys->trans, sizeof(ses.newkeys->trans)); |
d63ef1e211ea
Take transmit and receive keys into use separately
Matt Johnston <matt@ucc.asn.au>
parents:
746
diff
changeset
|
149 ses.newkeys->trans.valid = 0; |
d63ef1e211ea
Take transmit and receive keys into use separately
Matt Johnston <matt@ucc.asn.au>
parents:
746
diff
changeset
|
150 } |
d63ef1e211ea
Take transmit and receive keys into use separately
Matt Johnston <matt@ucc.asn.au>
parents:
746
diff
changeset
|
151 if (ses.kexstate.sentnewkeys && ses.kexstate.recvnewkeys) |
d63ef1e211ea
Take transmit and receive keys into use separately
Matt Johnston <matt@ucc.asn.au>
parents:
746
diff
changeset
|
152 { |
d63ef1e211ea
Take transmit and receive keys into use separately
Matt Johnston <matt@ucc.asn.au>
parents:
746
diff
changeset
|
153 TRACE(("switch_keys done")) |
d63ef1e211ea
Take transmit and receive keys into use separately
Matt Johnston <matt@ucc.asn.au>
parents:
746
diff
changeset
|
154 ses.keys->algo_kex = ses.newkeys->algo_kex; |
d63ef1e211ea
Take transmit and receive keys into use separately
Matt Johnston <matt@ucc.asn.au>
parents:
746
diff
changeset
|
155 ses.keys->algo_hostkey = ses.newkeys->algo_hostkey; |
1674
ba6fc7afe1c5
use sigtype where appropriate
Matt Johnston <matt@ucc.asn.au>
parents:
1659
diff
changeset
|
156 ses.keys->algo_signature = ses.newkeys->algo_signature; |
753
d63ef1e211ea
Take transmit and receive keys into use separately
Matt Johnston <matt@ucc.asn.au>
parents:
746
diff
changeset
|
157 ses.keys->allow_compress = 0; |
d63ef1e211ea
Take transmit and receive keys into use separately
Matt Johnston <matt@ucc.asn.au>
parents:
746
diff
changeset
|
158 m_free(ses.newkeys); |
d63ef1e211ea
Take transmit and receive keys into use separately
Matt Johnston <matt@ucc.asn.au>
parents:
746
diff
changeset
|
159 ses.newkeys = NULL; |
d63ef1e211ea
Take transmit and receive keys into use separately
Matt Johnston <matt@ucc.asn.au>
parents:
746
diff
changeset
|
160 kexinitialise(); |
d63ef1e211ea
Take transmit and receive keys into use separately
Matt Johnston <matt@ucc.asn.au>
parents:
746
diff
changeset
|
161 } |
d63ef1e211ea
Take transmit and receive keys into use separately
Matt Johnston <matt@ucc.asn.au>
parents:
746
diff
changeset
|
162 TRACE2(("leave switch_keys")) |
d63ef1e211ea
Take transmit and receive keys into use separately
Matt Johnston <matt@ucc.asn.au>
parents:
746
diff
changeset
|
163 } |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
164 |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
165 /* Bring new keys into use after a key exchange, and let the client know*/ |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
166 void send_msg_newkeys() { |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
167 |
165
0cfba3034be5
Fixed DEBUG_TRACE macro so that we don't get semicolons left about the place
Matt Johnston <matt@ucc.asn.au>
parents:
116
diff
changeset
|
168 TRACE(("enter send_msg_newkeys")) |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
169 |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
170 /* generate the kexinit request */ |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
171 CHECKCLEARTOWRITE(); |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
172 buf_putbyte(ses.writepayload, SSH_MSG_NEWKEYS); |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
173 encrypt_packet(); |
753
d63ef1e211ea
Take transmit and receive keys into use separately
Matt Johnston <matt@ucc.asn.au>
parents:
746
diff
changeset
|
174 |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
175 |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
176 /* set up our state */ |
753
d63ef1e211ea
Take transmit and receive keys into use separately
Matt Johnston <matt@ucc.asn.au>
parents:
746
diff
changeset
|
177 ses.kexstate.sentnewkeys = 1; |
1681
435cfb9ec96e
send and handle SSH_MSG_EXT_INFO only at the correct point
Matt Johnston <matt@ucc.asn.au>
parents:
1678
diff
changeset
|
178 if (ses.kexstate.donefirstkex) { |
435cfb9ec96e
send and handle SSH_MSG_EXT_INFO only at the correct point
Matt Johnston <matt@ucc.asn.au>
parents:
1678
diff
changeset
|
179 ses.kexstate.donesecondkex = 1; |
435cfb9ec96e
send and handle SSH_MSG_EXT_INFO only at the correct point
Matt Johnston <matt@ucc.asn.au>
parents:
1678
diff
changeset
|
180 } |
753
d63ef1e211ea
Take transmit and receive keys into use separately
Matt Johnston <matt@ucc.asn.au>
parents:
746
diff
changeset
|
181 ses.kexstate.donefirstkex = 1; |
d63ef1e211ea
Take transmit and receive keys into use separately
Matt Johnston <matt@ucc.asn.au>
parents:
746
diff
changeset
|
182 ses.dataallowed = 1; /* we can send other packets again now */ |
d63ef1e211ea
Take transmit and receive keys into use separately
Matt Johnston <matt@ucc.asn.au>
parents:
746
diff
changeset
|
183 gen_new_keys(); |
d63ef1e211ea
Take transmit and receive keys into use separately
Matt Johnston <matt@ucc.asn.au>
parents:
746
diff
changeset
|
184 switch_keys(); |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
185 |
165
0cfba3034be5
Fixed DEBUG_TRACE macro so that we don't get semicolons left about the place
Matt Johnston <matt@ucc.asn.au>
parents:
116
diff
changeset
|
186 TRACE(("leave send_msg_newkeys")) |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
187 } |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
188 |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
189 /* Bring the new keys into use after a key exchange */ |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
190 void recv_msg_newkeys() { |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
191 |
165
0cfba3034be5
Fixed DEBUG_TRACE macro so that we don't get semicolons left about the place
Matt Johnston <matt@ucc.asn.au>
parents:
116
diff
changeset
|
192 TRACE(("enter recv_msg_newkeys")) |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
193 |
753
d63ef1e211ea
Take transmit and receive keys into use separately
Matt Johnston <matt@ucc.asn.au>
parents:
746
diff
changeset
|
194 ses.kexstate.recvnewkeys = 1; |
d63ef1e211ea
Take transmit and receive keys into use separately
Matt Johnston <matt@ucc.asn.au>
parents:
746
diff
changeset
|
195 switch_keys(); |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
196 |
165
0cfba3034be5
Fixed DEBUG_TRACE macro so that we don't get semicolons left about the place
Matt Johnston <matt@ucc.asn.au>
parents:
116
diff
changeset
|
197 TRACE(("leave recv_msg_newkeys")) |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
198 } |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
199 |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
200 |
33 | 201 /* Set up the kex for the first time */ |
202 void kexfirstinitialise() { | |
996
47643024fc90
Disable non-delayed zlib for server
Matt Johnston <matt@ucc.asn.au>
parents:
987
diff
changeset
|
203 #ifdef DISABLE_ZLIB |
47643024fc90
Disable non-delayed zlib for server
Matt Johnston <matt@ucc.asn.au>
parents:
987
diff
changeset
|
204 ses.compress_algos = ssh_nocompress; |
47643024fc90
Disable non-delayed zlib for server
Matt Johnston <matt@ucc.asn.au>
parents:
987
diff
changeset
|
205 #else |
47643024fc90
Disable non-delayed zlib for server
Matt Johnston <matt@ucc.asn.au>
parents:
987
diff
changeset
|
206 switch (opts.compress_mode) |
47643024fc90
Disable non-delayed zlib for server
Matt Johnston <matt@ucc.asn.au>
parents:
987
diff
changeset
|
207 { |
47643024fc90
Disable non-delayed zlib for server
Matt Johnston <matt@ucc.asn.au>
parents:
987
diff
changeset
|
208 case DROPBEAR_COMPRESS_DELAYED: |
47643024fc90
Disable non-delayed zlib for server
Matt Johnston <matt@ucc.asn.au>
parents:
987
diff
changeset
|
209 ses.compress_algos = ssh_delaycompress; |
47643024fc90
Disable non-delayed zlib for server
Matt Johnston <matt@ucc.asn.au>
parents:
987
diff
changeset
|
210 break; |
47643024fc90
Disable non-delayed zlib for server
Matt Johnston <matt@ucc.asn.au>
parents:
987
diff
changeset
|
211 |
47643024fc90
Disable non-delayed zlib for server
Matt Johnston <matt@ucc.asn.au>
parents:
987
diff
changeset
|
212 case DROPBEAR_COMPRESS_ON: |
47643024fc90
Disable non-delayed zlib for server
Matt Johnston <matt@ucc.asn.au>
parents:
987
diff
changeset
|
213 ses.compress_algos = ssh_compress; |
47643024fc90
Disable non-delayed zlib for server
Matt Johnston <matt@ucc.asn.au>
parents:
987
diff
changeset
|
214 break; |
47643024fc90
Disable non-delayed zlib for server
Matt Johnston <matt@ucc.asn.au>
parents:
987
diff
changeset
|
215 |
47643024fc90
Disable non-delayed zlib for server
Matt Johnston <matt@ucc.asn.au>
parents:
987
diff
changeset
|
216 case DROPBEAR_COMPRESS_OFF: |
47643024fc90
Disable non-delayed zlib for server
Matt Johnston <matt@ucc.asn.au>
parents:
987
diff
changeset
|
217 ses.compress_algos = ssh_nocompress; |
47643024fc90
Disable non-delayed zlib for server
Matt Johnston <matt@ucc.asn.au>
parents:
987
diff
changeset
|
218 break; |
47643024fc90
Disable non-delayed zlib for server
Matt Johnston <matt@ucc.asn.au>
parents:
987
diff
changeset
|
219 } |
575
f9b5dc0cba61
- Disable compression for non-final multihops
Matt Johnston <matt@ucc.asn.au>
parents:
555
diff
changeset
|
220 #endif |
33 | 221 kexinitialise(); |
222 } | |
223 | |
224 /* Reset the kex state, ready for a new negotiation */ | |
225 static void kexinitialise() { | |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
226 |
165
0cfba3034be5
Fixed DEBUG_TRACE macro so that we don't get semicolons left about the place
Matt Johnston <matt@ucc.asn.au>
parents:
116
diff
changeset
|
227 TRACE(("kexinitialise()")) |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
228 |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
229 /* sent/recv'd MSG_KEXINIT */ |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
230 ses.kexstate.sentkexinit = 0; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
231 ses.kexstate.recvkexinit = 0; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
232 |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
233 /* sent/recv'd MSG_NEWKEYS */ |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
234 ses.kexstate.recvnewkeys = 0; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
235 ses.kexstate.sentnewkeys = 0; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
236 |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
237 /* first_packet_follows */ |
739
d44325108d0e
first_kex_packet_follows working, needs tidying
Matt Johnston <matt@ucc.asn.au>
parents:
712
diff
changeset
|
238 ses.kexstate.them_firstfollows = 0; |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
239 |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
240 ses.kexstate.datatrans = 0; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
241 ses.kexstate.datarecv = 0; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
242 |
739
d44325108d0e
first_kex_packet_follows working, needs tidying
Matt Johnston <matt@ucc.asn.au>
parents:
712
diff
changeset
|
243 ses.kexstate.our_first_follows_matches = 0; |
d44325108d0e
first_kex_packet_follows working, needs tidying
Matt Johnston <matt@ucc.asn.au>
parents:
712
diff
changeset
|
244 |
928
7cd89d4e0335
Add new monotonic_now() wrapper so that timeouts are unaffected by
Matt Johnston <matt@ucc.asn.au>
parents:
907
diff
changeset
|
245 ses.kexstate.lastkextime = monotonic_now(); |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
246 |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
247 } |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
248 |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
249 /* Helper function for gen_new_keys, creates a hash. It makes a copy of the |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
250 * already initialised hash_state hs, which should already have processed |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
251 * the dh_K and hash, since these are common. X is the letter 'A', 'B' etc. |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
252 * out must have at least min(SHA1_HASH_SIZE, outlen) bytes allocated. |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
253 * |
409
0e69e948caba
Add comments about requiring keysize <= 2*SHA1_HASH_SIZE
Matt Johnston <matt@ucc.asn.au>
parents:
257
diff
changeset
|
254 * See Section 7.2 of rfc4253 (ssh transport) for details */ |
762
a78a38e402d1
- Fix various hardcoded uses of SHA1
Matt Johnston <matt@ucc.asn.au>
parents:
761
diff
changeset
|
255 static void hashkeys(unsigned char *out, unsigned int outlen, |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
256 const hash_state * hs, const unsigned char X) { |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
257 |
793
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
766
diff
changeset
|
258 const struct ltc_hash_descriptor *hash_desc = ses.newkeys->algo_kex->hash_desc; |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
259 hash_state hs2; |
762
a78a38e402d1
- Fix various hardcoded uses of SHA1
Matt Johnston <matt@ucc.asn.au>
parents:
761
diff
changeset
|
260 unsigned int offset; |
855
04ede40a529a
- Some fixes for old compilers like tru64 v4 from Daniel Richard G.
Matt Johnston <matt@ucc.asn.au>
parents:
852
diff
changeset
|
261 unsigned char tmpout[MAX_HASH_SIZE]; |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
262 |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
263 memcpy(&hs2, hs, sizeof(hash_state)); |
793
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
766
diff
changeset
|
264 hash_desc->process(&hs2, &X, 1); |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
766
diff
changeset
|
265 hash_desc->process(&hs2, ses.session_id->data, ses.session_id->len); |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
766
diff
changeset
|
266 hash_desc->done(&hs2, tmpout); |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
766
diff
changeset
|
267 memcpy(out, tmpout, MIN(hash_desc->hashsize, outlen)); |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
766
diff
changeset
|
268 for (offset = hash_desc->hashsize; |
679
03073a27abb3
- Add hmac-sha2-256 and hmac-sha2-512. Needs debugging, seems to be
Matt Johnston <matt@ucc.asn.au>
parents:
648
diff
changeset
|
269 offset < outlen; |
793
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
766
diff
changeset
|
270 offset += hash_desc->hashsize) |
679
03073a27abb3
- Add hmac-sha2-256 and hmac-sha2-512. Needs debugging, seems to be
Matt Johnston <matt@ucc.asn.au>
parents:
648
diff
changeset
|
271 { |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
272 /* need to extend */ |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
273 memcpy(&hs2, hs, sizeof(hash_state)); |
793
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
766
diff
changeset
|
274 hash_desc->process(&hs2, out, offset); |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
766
diff
changeset
|
275 hash_desc->done(&hs2, tmpout); |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
766
diff
changeset
|
276 memcpy(&out[offset], tmpout, MIN(outlen - offset, hash_desc->hashsize)); |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
277 } |
987
ed85797bbc85
clear hash state memory after use
Matt Johnston <matt@ucc.asn.au>
parents:
928
diff
changeset
|
278 m_burn(&hs2, sizeof(hash_state)); |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
279 } |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
280 |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
281 /* Generate the actual encryption/integrity keys, using the results of the |
603
3aa74a4d83ae
Refer to RFCs rather than drafts, update some section references
Matt Johnston <matt@ucc.asn.au>
parents:
595
diff
changeset
|
282 * key exchange, as specified in section 7.2 of the transport rfc 4253. |
3aa74a4d83ae
Refer to RFCs rather than drafts, update some section references
Matt Johnston <matt@ucc.asn.au>
parents:
595
diff
changeset
|
283 * This occurs after the DH key-exchange. |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
284 * |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
285 * ses.newkeys is the new set of keys which are generated, these are only |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
286 * taken into use after both sides have sent a newkeys message */ |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
287 |
753
d63ef1e211ea
Take transmit and receive keys into use separately
Matt Johnston <matt@ucc.asn.au>
parents:
746
diff
changeset
|
288 static void gen_new_keys() { |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
289 |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
290 unsigned char C2S_IV[MAX_IV_LEN]; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
291 unsigned char C2S_key[MAX_KEY_LEN]; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
292 unsigned char S2C_IV[MAX_IV_LEN]; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
293 unsigned char S2C_key[MAX_KEY_LEN]; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
294 /* unsigned char key[MAX_KEY_LEN]; */ |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
295 unsigned char *trans_IV, *trans_key, *recv_IV, *recv_key; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
296 |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
297 hash_state hs; |
793
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
766
diff
changeset
|
298 const struct ltc_hash_descriptor *hash_desc = ses.newkeys->algo_kex->hash_desc; |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
299 char mactransletter, macrecvletter; /* Client or server specific */ |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
300 |
165
0cfba3034be5
Fixed DEBUG_TRACE macro so that we don't get semicolons left about the place
Matt Johnston <matt@ucc.asn.au>
parents:
116
diff
changeset
|
301 TRACE(("enter gen_new_keys")) |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
302 /* the dh_K and hash are the start of all hashes, we make use of that */ |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
303 |
793
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
766
diff
changeset
|
304 hash_desc->init(&hs); |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
766
diff
changeset
|
305 hash_process_mp(hash_desc, &hs, ses.dh_K); |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
306 mp_clear(ses.dh_K); |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
307 m_free(ses.dh_K); |
793
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
766
diff
changeset
|
308 hash_desc->process(&hs, ses.hash->data, ses.hash->len); |
761
ac2158e3e403
ecc kind of works, needs fixing/testing
Matt Johnston <matt@ucc.asn.au>
parents:
759
diff
changeset
|
309 buf_burn(ses.hash); |
ac2158e3e403
ecc kind of works, needs fixing/testing
Matt Johnston <matt@ucc.asn.au>
parents:
759
diff
changeset
|
310 buf_free(ses.hash); |
ac2158e3e403
ecc kind of works, needs fixing/testing
Matt Johnston <matt@ucc.asn.au>
parents:
759
diff
changeset
|
311 ses.hash = NULL; |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
312 |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
313 if (IS_DROPBEAR_CLIENT) { |
1250 | 314 trans_IV = C2S_IV; |
315 recv_IV = S2C_IV; | |
316 trans_key = C2S_key; | |
317 recv_key = S2C_key; | |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
318 mactransletter = 'E'; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
319 macrecvletter = 'F'; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
320 } else { |
1250 | 321 trans_IV = S2C_IV; |
322 recv_IV = C2S_IV; | |
323 trans_key = S2C_key; | |
324 recv_key = C2S_key; | |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
325 mactransletter = 'F'; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
326 macrecvletter = 'E'; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
327 } |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
328 |
762
a78a38e402d1
- Fix various hardcoded uses of SHA1
Matt Johnston <matt@ucc.asn.au>
parents:
761
diff
changeset
|
329 hashkeys(C2S_IV, sizeof(C2S_IV), &hs, 'A'); |
a78a38e402d1
- Fix various hardcoded uses of SHA1
Matt Johnston <matt@ucc.asn.au>
parents:
761
diff
changeset
|
330 hashkeys(S2C_IV, sizeof(S2C_IV), &hs, 'B'); |
a78a38e402d1
- Fix various hardcoded uses of SHA1
Matt Johnston <matt@ucc.asn.au>
parents:
761
diff
changeset
|
331 hashkeys(C2S_key, sizeof(C2S_key), &hs, 'C'); |
a78a38e402d1
- Fix various hardcoded uses of SHA1
Matt Johnston <matt@ucc.asn.au>
parents:
761
diff
changeset
|
332 hashkeys(S2C_key, sizeof(S2C_key), &hs, 'D'); |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
333 |
681
a4b7627b3157
Update insecure-nocrypto to current head
Matt Johnston <matt@ucc.asn.au>
diff
changeset
|
334 if (ses.newkeys->recv.algo_crypt->cipherdesc != NULL) { |
1672
3a97f14c0235
Add Chacha20-Poly1305, AES128-GCM and AES256-GCM support (#93)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
1659
diff
changeset
|
335 int recv_cipher = -1; |
3a97f14c0235
Add Chacha20-Poly1305, AES128-GCM and AES256-GCM support (#93)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
1659
diff
changeset
|
336 if (ses.newkeys->recv.algo_crypt->cipherdesc->name != NULL) { |
3a97f14c0235
Add Chacha20-Poly1305, AES128-GCM and AES256-GCM support (#93)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
1659
diff
changeset
|
337 recv_cipher = find_cipher(ses.newkeys->recv.algo_crypt->cipherdesc->name); |
1700
56f636f84bf5
Fix indentation and add braces
Matt Johnston <matt@ucc.asn.au>
parents:
1692
diff
changeset
|
338 if (recv_cipher < 0) { |
56f636f84bf5
Fix indentation and add braces
Matt Johnston <matt@ucc.asn.au>
parents:
1692
diff
changeset
|
339 dropbear_exit("Crypto error"); |
56f636f84bf5
Fix indentation and add braces
Matt Johnston <matt@ucc.asn.au>
parents:
1692
diff
changeset
|
340 } |
1672
3a97f14c0235
Add Chacha20-Poly1305, AES128-GCM and AES256-GCM support (#93)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
1659
diff
changeset
|
341 } |
681
a4b7627b3157
Update insecure-nocrypto to current head
Matt Johnston <matt@ucc.asn.au>
diff
changeset
|
342 if (ses.newkeys->recv.crypt_mode->start(recv_cipher, |
252
29afa62b5450
- a hack for grahame to run dropbear with "none" cipher.
Matt Johnston <matt@ucc.asn.au>
parents:
228
diff
changeset
|
343 recv_IV, recv_key, |
681
a4b7627b3157
Update insecure-nocrypto to current head
Matt Johnston <matt@ucc.asn.au>
diff
changeset
|
344 ses.newkeys->recv.algo_crypt->keysize, 0, |
a4b7627b3157
Update insecure-nocrypto to current head
Matt Johnston <matt@ucc.asn.au>
diff
changeset
|
345 &ses.newkeys->recv.cipher_state) != CRYPT_OK) { |
a4b7627b3157
Update insecure-nocrypto to current head
Matt Johnston <matt@ucc.asn.au>
diff
changeset
|
346 dropbear_exit("Crypto error"); |
252
29afa62b5450
- a hack for grahame to run dropbear with "none" cipher.
Matt Johnston <matt@ucc.asn.au>
parents:
228
diff
changeset
|
347 } |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
348 } |
502 | 349 |
681
a4b7627b3157
Update insecure-nocrypto to current head
Matt Johnston <matt@ucc.asn.au>
diff
changeset
|
350 if (ses.newkeys->trans.algo_crypt->cipherdesc != NULL) { |
1672
3a97f14c0235
Add Chacha20-Poly1305, AES128-GCM and AES256-GCM support (#93)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
1659
diff
changeset
|
351 int trans_cipher = -1; |
3a97f14c0235
Add Chacha20-Poly1305, AES128-GCM and AES256-GCM support (#93)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
1659
diff
changeset
|
352 if (ses.newkeys->trans.algo_crypt->cipherdesc->name != NULL) { |
3a97f14c0235
Add Chacha20-Poly1305, AES128-GCM and AES256-GCM support (#93)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
1659
diff
changeset
|
353 trans_cipher = find_cipher(ses.newkeys->trans.algo_crypt->cipherdesc->name); |
1700
56f636f84bf5
Fix indentation and add braces
Matt Johnston <matt@ucc.asn.au>
parents:
1692
diff
changeset
|
354 if (trans_cipher < 0) { |
56f636f84bf5
Fix indentation and add braces
Matt Johnston <matt@ucc.asn.au>
parents:
1692
diff
changeset
|
355 dropbear_exit("Crypto error"); |
56f636f84bf5
Fix indentation and add braces
Matt Johnston <matt@ucc.asn.au>
parents:
1692
diff
changeset
|
356 } |
1672
3a97f14c0235
Add Chacha20-Poly1305, AES128-GCM and AES256-GCM support (#93)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
1659
diff
changeset
|
357 } |
681
a4b7627b3157
Update insecure-nocrypto to current head
Matt Johnston <matt@ucc.asn.au>
diff
changeset
|
358 if (ses.newkeys->trans.crypt_mode->start(trans_cipher, |
252
29afa62b5450
- a hack for grahame to run dropbear with "none" cipher.
Matt Johnston <matt@ucc.asn.au>
parents:
228
diff
changeset
|
359 trans_IV, trans_key, |
681
a4b7627b3157
Update insecure-nocrypto to current head
Matt Johnston <matt@ucc.asn.au>
diff
changeset
|
360 ses.newkeys->trans.algo_crypt->keysize, 0, |
a4b7627b3157
Update insecure-nocrypto to current head
Matt Johnston <matt@ucc.asn.au>
diff
changeset
|
361 &ses.newkeys->trans.cipher_state) != CRYPT_OK) { |
a4b7627b3157
Update insecure-nocrypto to current head
Matt Johnston <matt@ucc.asn.au>
diff
changeset
|
362 dropbear_exit("Crypto error"); |
252
29afa62b5450
- a hack for grahame to run dropbear with "none" cipher.
Matt Johnston <matt@ucc.asn.au>
parents:
228
diff
changeset
|
363 } |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
364 } |
512
0129fd8ccc71
Update nocrypto branch to current head
Matt Johnston <matt@ucc.asn.au>
parents:
511
diff
changeset
|
365 |
793
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
766
diff
changeset
|
366 if (ses.newkeys->trans.algo_mac->hash_desc != NULL) { |
681
a4b7627b3157
Update insecure-nocrypto to current head
Matt Johnston <matt@ucc.asn.au>
diff
changeset
|
367 hashkeys(ses.newkeys->trans.mackey, |
a4b7627b3157
Update insecure-nocrypto to current head
Matt Johnston <matt@ucc.asn.au>
diff
changeset
|
368 ses.newkeys->trans.algo_mac->keysize, &hs, mactransletter); |
793
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
766
diff
changeset
|
369 ses.newkeys->trans.hash_index = find_hash(ses.newkeys->trans.algo_mac->hash_desc->name); |
252
29afa62b5450
- a hack for grahame to run dropbear with "none" cipher.
Matt Johnston <matt@ucc.asn.au>
parents:
228
diff
changeset
|
370 } |
712
bf0ac0512ef7
Fix "-m none" case and ugly typo
Matt Johnston <matt@ucc.asn.au>
parents:
684
diff
changeset
|
371 |
793
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
766
diff
changeset
|
372 if (ses.newkeys->recv.algo_mac->hash_desc != NULL) { |
681
a4b7627b3157
Update insecure-nocrypto to current head
Matt Johnston <matt@ucc.asn.au>
diff
changeset
|
373 hashkeys(ses.newkeys->recv.mackey, |
a4b7627b3157
Update insecure-nocrypto to current head
Matt Johnston <matt@ucc.asn.au>
diff
changeset
|
374 ses.newkeys->recv.algo_mac->keysize, &hs, macrecvletter); |
793
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
766
diff
changeset
|
375 ses.newkeys->recv.hash_index = find_hash(ses.newkeys->recv.algo_mac->hash_desc->name); |
252
29afa62b5450
- a hack for grahame to run dropbear with "none" cipher.
Matt Johnston <matt@ucc.asn.au>
parents:
228
diff
changeset
|
376 } |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
377 |
753
d63ef1e211ea
Take transmit and receive keys into use separately
Matt Johnston <matt@ucc.asn.au>
parents:
746
diff
changeset
|
378 /* Ready to switch over */ |
d63ef1e211ea
Take transmit and receive keys into use separately
Matt Johnston <matt@ucc.asn.au>
parents:
746
diff
changeset
|
379 ses.newkeys->trans.valid = 1; |
d63ef1e211ea
Take transmit and receive keys into use separately
Matt Johnston <matt@ucc.asn.au>
parents:
746
diff
changeset
|
380 ses.newkeys->recv.valid = 1; |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
381 |
648
4222a1039b06
Clear a few buffers when possible
Matt Johnston <matt@ucc.asn.au>
parents:
603
diff
changeset
|
382 m_burn(C2S_IV, sizeof(C2S_IV)); |
4222a1039b06
Clear a few buffers when possible
Matt Johnston <matt@ucc.asn.au>
parents:
603
diff
changeset
|
383 m_burn(C2S_key, sizeof(C2S_key)); |
4222a1039b06
Clear a few buffers when possible
Matt Johnston <matt@ucc.asn.au>
parents:
603
diff
changeset
|
384 m_burn(S2C_IV, sizeof(S2C_IV)); |
4222a1039b06
Clear a few buffers when possible
Matt Johnston <matt@ucc.asn.au>
parents:
603
diff
changeset
|
385 m_burn(S2C_key, sizeof(S2C_key)); |
987
ed85797bbc85
clear hash state memory after use
Matt Johnston <matt@ucc.asn.au>
parents:
928
diff
changeset
|
386 m_burn(&hs, sizeof(hash_state)); |
648
4222a1039b06
Clear a few buffers when possible
Matt Johnston <matt@ucc.asn.au>
parents:
603
diff
changeset
|
387 |
165
0cfba3034be5
Fixed DEBUG_TRACE macro so that we don't get semicolons left about the place
Matt Johnston <matt@ucc.asn.au>
parents:
116
diff
changeset
|
388 TRACE(("leave gen_new_keys")) |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
389 } |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
390 |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
391 #ifndef DISABLE_ZLIB |
501
d58c478bd399
Add support for [email protected] delayed compression.
Matt Johnston <matt@ucc.asn.au>
parents:
454
diff
changeset
|
392 |
d58c478bd399
Add support for [email protected] delayed compression.
Matt Johnston <matt@ucc.asn.au>
parents:
454
diff
changeset
|
393 int is_compress_trans() { |
534
0431915df79f
- Get rid of decryptreadbuf, just decrypt in-place with readbuf
Matt Johnston <matt@ucc.asn.au>
parents:
502
diff
changeset
|
394 return ses.keys->trans.algo_comp == DROPBEAR_COMP_ZLIB |
501
d58c478bd399
Add support for [email protected] delayed compression.
Matt Johnston <matt@ucc.asn.au>
parents:
454
diff
changeset
|
395 || (ses.authstate.authdone |
534
0431915df79f
- Get rid of decryptreadbuf, just decrypt in-place with readbuf
Matt Johnston <matt@ucc.asn.au>
parents:
502
diff
changeset
|
396 && ses.keys->trans.algo_comp == DROPBEAR_COMP_ZLIB_DELAY); |
501
d58c478bd399
Add support for [email protected] delayed compression.
Matt Johnston <matt@ucc.asn.au>
parents:
454
diff
changeset
|
397 } |
d58c478bd399
Add support for [email protected] delayed compression.
Matt Johnston <matt@ucc.asn.au>
parents:
454
diff
changeset
|
398 |
d58c478bd399
Add support for [email protected] delayed compression.
Matt Johnston <matt@ucc.asn.au>
parents:
454
diff
changeset
|
399 int is_compress_recv() { |
534
0431915df79f
- Get rid of decryptreadbuf, just decrypt in-place with readbuf
Matt Johnston <matt@ucc.asn.au>
parents:
502
diff
changeset
|
400 return ses.keys->recv.algo_comp == DROPBEAR_COMP_ZLIB |
501
d58c478bd399
Add support for [email protected] delayed compression.
Matt Johnston <matt@ucc.asn.au>
parents:
454
diff
changeset
|
401 || (ses.authstate.authdone |
534
0431915df79f
- Get rid of decryptreadbuf, just decrypt in-place with readbuf
Matt Johnston <matt@ucc.asn.au>
parents:
502
diff
changeset
|
402 && ses.keys->recv.algo_comp == DROPBEAR_COMP_ZLIB_DELAY); |
501
d58c478bd399
Add support for [email protected] delayed compression.
Matt Johnston <matt@ucc.asn.au>
parents:
454
diff
changeset
|
403 } |
d58c478bd399
Add support for [email protected] delayed compression.
Matt Johnston <matt@ucc.asn.au>
parents:
454
diff
changeset
|
404 |
1365
9aa6cd66b51d
zlib can use m_malloc/m_free too
Matt Johnston <matt@ucc.asn.au>
parents:
1358
diff
changeset
|
405 static void* dropbear_zalloc(void* UNUSED(opaque), uInt items, uInt size) { |
9aa6cd66b51d
zlib can use m_malloc/m_free too
Matt Johnston <matt@ucc.asn.au>
parents:
1358
diff
changeset
|
406 return m_calloc(items, size); |
9aa6cd66b51d
zlib can use m_malloc/m_free too
Matt Johnston <matt@ucc.asn.au>
parents:
1358
diff
changeset
|
407 } |
9aa6cd66b51d
zlib can use m_malloc/m_free too
Matt Johnston <matt@ucc.asn.au>
parents:
1358
diff
changeset
|
408 |
9aa6cd66b51d
zlib can use m_malloc/m_free too
Matt Johnston <matt@ucc.asn.au>
parents:
1358
diff
changeset
|
409 static void dropbear_zfree(void* UNUSED(opaque), void* ptr) { |
9aa6cd66b51d
zlib can use m_malloc/m_free too
Matt Johnston <matt@ucc.asn.au>
parents:
1358
diff
changeset
|
410 m_free(ptr); |
9aa6cd66b51d
zlib can use m_malloc/m_free too
Matt Johnston <matt@ucc.asn.au>
parents:
1358
diff
changeset
|
411 } |
9aa6cd66b51d
zlib can use m_malloc/m_free too
Matt Johnston <matt@ucc.asn.au>
parents:
1358
diff
changeset
|
412 |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
413 /* Set up new zlib compression streams, close the old ones. Only |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
414 * called from gen_new_keys() */ |
771 | 415 static void gen_new_zstream_recv() { |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
416 |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
417 /* create new zstreams */ |
534
0431915df79f
- Get rid of decryptreadbuf, just decrypt in-place with readbuf
Matt Johnston <matt@ucc.asn.au>
parents:
502
diff
changeset
|
418 if (ses.newkeys->recv.algo_comp == DROPBEAR_COMP_ZLIB |
0431915df79f
- Get rid of decryptreadbuf, just decrypt in-place with readbuf
Matt Johnston <matt@ucc.asn.au>
parents:
502
diff
changeset
|
419 || ses.newkeys->recv.algo_comp == DROPBEAR_COMP_ZLIB_DELAY) { |
0431915df79f
- Get rid of decryptreadbuf, just decrypt in-place with readbuf
Matt Johnston <matt@ucc.asn.au>
parents:
502
diff
changeset
|
420 ses.newkeys->recv.zstream = (z_streamp)m_malloc(sizeof(z_stream)); |
1365
9aa6cd66b51d
zlib can use m_malloc/m_free too
Matt Johnston <matt@ucc.asn.au>
parents:
1358
diff
changeset
|
421 ses.newkeys->recv.zstream->zalloc = dropbear_zalloc; |
9aa6cd66b51d
zlib can use m_malloc/m_free too
Matt Johnston <matt@ucc.asn.au>
parents:
1358
diff
changeset
|
422 ses.newkeys->recv.zstream->zfree = dropbear_zfree; |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
423 |
534
0431915df79f
- Get rid of decryptreadbuf, just decrypt in-place with readbuf
Matt Johnston <matt@ucc.asn.au>
parents:
502
diff
changeset
|
424 if (inflateInit(ses.newkeys->recv.zstream) != Z_OK) { |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
425 dropbear_exit("zlib error"); |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
426 } |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
427 } else { |
534
0431915df79f
- Get rid of decryptreadbuf, just decrypt in-place with readbuf
Matt Johnston <matt@ucc.asn.au>
parents:
502
diff
changeset
|
428 ses.newkeys->recv.zstream = NULL; |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
429 } |
771 | 430 /* clean up old keys */ |
431 if (ses.keys->recv.zstream != NULL) { | |
432 if (inflateEnd(ses.keys->recv.zstream) == Z_STREAM_ERROR) { | |
433 /* Z_DATA_ERROR is ok, just means that stream isn't ended */ | |
434 dropbear_exit("Crypto error"); | |
435 } | |
436 m_free(ses.keys->recv.zstream); | |
437 } | |
438 } | |
439 | |
440 static void gen_new_zstream_trans() { | |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
441 |
534
0431915df79f
- Get rid of decryptreadbuf, just decrypt in-place with readbuf
Matt Johnston <matt@ucc.asn.au>
parents:
502
diff
changeset
|
442 if (ses.newkeys->trans.algo_comp == DROPBEAR_COMP_ZLIB |
0431915df79f
- Get rid of decryptreadbuf, just decrypt in-place with readbuf
Matt Johnston <matt@ucc.asn.au>
parents:
502
diff
changeset
|
443 || ses.newkeys->trans.algo_comp == DROPBEAR_COMP_ZLIB_DELAY) { |
0431915df79f
- Get rid of decryptreadbuf, just decrypt in-place with readbuf
Matt Johnston <matt@ucc.asn.au>
parents:
502
diff
changeset
|
444 ses.newkeys->trans.zstream = (z_streamp)m_malloc(sizeof(z_stream)); |
1365
9aa6cd66b51d
zlib can use m_malloc/m_free too
Matt Johnston <matt@ucc.asn.au>
parents:
1358
diff
changeset
|
445 ses.newkeys->trans.zstream->zalloc = dropbear_zalloc; |
9aa6cd66b51d
zlib can use m_malloc/m_free too
Matt Johnston <matt@ucc.asn.au>
parents:
1358
diff
changeset
|
446 ses.newkeys->trans.zstream->zfree = dropbear_zfree; |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
447 |
555
daf52f813328
- Add option to change zlib windowBits/memLevel
Matt Johnston <matt@ucc.asn.au>
parents:
534
diff
changeset
|
448 if (deflateInit2(ses.newkeys->trans.zstream, Z_DEFAULT_COMPRESSION, |
daf52f813328
- Add option to change zlib windowBits/memLevel
Matt Johnston <matt@ucc.asn.au>
parents:
534
diff
changeset
|
449 Z_DEFLATED, DROPBEAR_ZLIB_WINDOW_BITS, |
daf52f813328
- Add option to change zlib windowBits/memLevel
Matt Johnston <matt@ucc.asn.au>
parents:
534
diff
changeset
|
450 DROPBEAR_ZLIB_MEM_LEVEL, Z_DEFAULT_STRATEGY) |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
451 != Z_OK) { |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
452 dropbear_exit("zlib error"); |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
453 } |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
454 } else { |
534
0431915df79f
- Get rid of decryptreadbuf, just decrypt in-place with readbuf
Matt Johnston <matt@ucc.asn.au>
parents:
502
diff
changeset
|
455 ses.newkeys->trans.zstream = NULL; |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
456 } |
501
d58c478bd399
Add support for [email protected] delayed compression.
Matt Johnston <matt@ucc.asn.au>
parents:
454
diff
changeset
|
457 |
534
0431915df79f
- Get rid of decryptreadbuf, just decrypt in-place with readbuf
Matt Johnston <matt@ucc.asn.au>
parents:
502
diff
changeset
|
458 if (ses.keys->trans.zstream != NULL) { |
0431915df79f
- Get rid of decryptreadbuf, just decrypt in-place with readbuf
Matt Johnston <matt@ucc.asn.au>
parents:
502
diff
changeset
|
459 if (deflateEnd(ses.keys->trans.zstream) == Z_STREAM_ERROR) { |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
460 /* Z_DATA_ERROR is ok, just means that stream isn't ended */ |
594
a98a2138364a
Improve capitalisation for all logged strings
Matt Johnston <matt@ucc.asn.au>
parents:
575
diff
changeset
|
461 dropbear_exit("Crypto error"); |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
462 } |
534
0431915df79f
- Get rid of decryptreadbuf, just decrypt in-place with readbuf
Matt Johnston <matt@ucc.asn.au>
parents:
502
diff
changeset
|
463 m_free(ses.keys->trans.zstream); |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
464 } |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
465 } |
501
d58c478bd399
Add support for [email protected] delayed compression.
Matt Johnston <matt@ucc.asn.au>
parents:
454
diff
changeset
|
466 #endif /* DISABLE_ZLIB */ |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
467 |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
468 |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
469 /* Executed upon receiving a kexinit message from the client to initiate |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
470 * key exchange. If we haven't already done so, we send the list of our |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
471 * preferred algorithms. The client's requested algorithms are processed, |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
472 * and we calculate the first portion of the key-exchange-hash for used |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
473 * later in the key exchange. No response is sent, as the client should |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
474 * initiate the diffie-hellman key exchange */ |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
475 void recv_msg_kexinit() { |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
476 |
257
63601217f5ab
* options.h, common-kex.c: fix support of 4096 byte host keys
Matt Johnston <matt@ucc.asn.au>
parents:
228
diff
changeset
|
477 unsigned int kexhashbuf_len = 0; |
63601217f5ab
* options.h, common-kex.c: fix support of 4096 byte host keys
Matt Johnston <matt@ucc.asn.au>
parents:
228
diff
changeset
|
478 unsigned int remote_ident_len = 0; |
63601217f5ab
* options.h, common-kex.c: fix support of 4096 byte host keys
Matt Johnston <matt@ucc.asn.au>
parents:
228
diff
changeset
|
479 unsigned int local_ident_len = 0; |
63601217f5ab
* options.h, common-kex.c: fix support of 4096 byte host keys
Matt Johnston <matt@ucc.asn.au>
parents:
228
diff
changeset
|
480 |
165
0cfba3034be5
Fixed DEBUG_TRACE macro so that we don't get semicolons left about the place
Matt Johnston <matt@ucc.asn.au>
parents:
116
diff
changeset
|
481 TRACE(("<- KEXINIT")) |
0cfba3034be5
Fixed DEBUG_TRACE macro so that we don't get semicolons left about the place
Matt Johnston <matt@ucc.asn.au>
parents:
116
diff
changeset
|
482 TRACE(("enter recv_msg_kexinit")) |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
483 |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
484 if (!ses.kexstate.sentkexinit) { |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
485 /* we need to send a kex packet */ |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
486 send_msg_kexinit(); |
165
0cfba3034be5
Fixed DEBUG_TRACE macro so that we don't get semicolons left about the place
Matt Johnston <matt@ucc.asn.au>
parents:
116
diff
changeset
|
487 TRACE(("continue recv_msg_kexinit: sent kexinit")) |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
488 } |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
489 |
1743
7d8462677355
Disallow extra kexinit messages
Matt Johnston <matt@ucc.asn.au>
parents:
1702
diff
changeset
|
490 /* "Once a party has sent a SSH_MSG_KEXINIT message ... |
7d8462677355
Disallow extra kexinit messages
Matt Johnston <matt@ucc.asn.au>
parents:
1702
diff
changeset
|
491 further SSH_MSG_KEXINIT messages MUST NOT be sent" */ |
7d8462677355
Disallow extra kexinit messages
Matt Johnston <matt@ucc.asn.au>
parents:
1702
diff
changeset
|
492 if (ses.kexstate.recvkexinit) { |
7d8462677355
Disallow extra kexinit messages
Matt Johnston <matt@ucc.asn.au>
parents:
1702
diff
changeset
|
493 dropbear_exit("Unexpected KEXINIT"); |
7d8462677355
Disallow extra kexinit messages
Matt Johnston <matt@ucc.asn.au>
parents:
1702
diff
changeset
|
494 } |
7d8462677355
Disallow extra kexinit messages
Matt Johnston <matt@ucc.asn.au>
parents:
1702
diff
changeset
|
495 |
257
63601217f5ab
* options.h, common-kex.c: fix support of 4096 byte host keys
Matt Johnston <matt@ucc.asn.au>
parents:
228
diff
changeset
|
496 /* start the kex hash */ |
63601217f5ab
* options.h, common-kex.c: fix support of 4096 byte host keys
Matt Johnston <matt@ucc.asn.au>
parents:
228
diff
changeset
|
497 local_ident_len = strlen(LOCAL_IDENT); |
1108
2ebf450edc2d
Turn sshsession's remoteident attribute into char *
Gaël PORTAY <gael.portay@gmail.com>
parents:
1094
diff
changeset
|
498 remote_ident_len = strlen(ses.remoteident); |
257
63601217f5ab
* options.h, common-kex.c: fix support of 4096 byte host keys
Matt Johnston <matt@ucc.asn.au>
parents:
228
diff
changeset
|
499 |
63601217f5ab
* options.h, common-kex.c: fix support of 4096 byte host keys
Matt Johnston <matt@ucc.asn.au>
parents:
228
diff
changeset
|
500 kexhashbuf_len = local_ident_len + remote_ident_len |
63601217f5ab
* options.h, common-kex.c: fix support of 4096 byte host keys
Matt Johnston <matt@ucc.asn.au>
parents:
228
diff
changeset
|
501 + ses.transkexinit->len + ses.payload->len |
63601217f5ab
* options.h, common-kex.c: fix support of 4096 byte host keys
Matt Johnston <matt@ucc.asn.au>
parents:
228
diff
changeset
|
502 + KEXHASHBUF_MAX_INTS; |
63601217f5ab
* options.h, common-kex.c: fix support of 4096 byte host keys
Matt Johnston <matt@ucc.asn.au>
parents:
228
diff
changeset
|
503 |
63601217f5ab
* options.h, common-kex.c: fix support of 4096 byte host keys
Matt Johnston <matt@ucc.asn.au>
parents:
228
diff
changeset
|
504 ses.kexhashbuf = buf_new(kexhashbuf_len); |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
505 |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
506 if (IS_DROPBEAR_CLIENT) { |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
507 |
26 | 508 /* read the peer's choice of algos */ |
33 | 509 read_kex_algos(); |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
510 |
26 | 511 /* V_C, the client's version string (CR and NL excluded) */ |
1250 | 512 buf_putstring(ses.kexhashbuf, LOCAL_IDENT, local_ident_len); |
26 | 513 /* V_S, the server's version string (CR and NL excluded) */ |
1250 | 514 buf_putstring(ses.kexhashbuf, ses.remoteident, remote_ident_len); |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
515 |
26 | 516 /* I_C, the payload of the client's SSH_MSG_KEXINIT */ |
1250 | 517 buf_putstring(ses.kexhashbuf, |
1122
aaf576b27a10
Merge pull request #13 from gazoo74/fix-warnings
Matt Johnston <matt@ucc.asn.au>
parents:
1108
diff
changeset
|
518 (const char*)ses.transkexinit->data, ses.transkexinit->len); |
26 | 519 /* I_S, the payload of the server's SSH_MSG_KEXINIT */ |
1250 | 520 buf_setpos(ses.payload, ses.payload_beginning); |
521 buf_putstring(ses.kexhashbuf, | |
522 (const char*)buf_getptr(ses.payload, ses.payload->len-ses.payload->pos), | |
523 ses.payload->len-ses.payload->pos); | |
886
cbc73a5aefb0
requirenext doesn't need two values
Matt Johnston <matt@ucc.asn.au>
parents:
885
diff
changeset
|
524 ses.requirenext = SSH_MSG_KEXDH_REPLY; |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
525 } else { |
26 | 526 /* SERVER */ |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
527 |
26 | 528 /* read the peer's choice of algos */ |
33 | 529 read_kex_algos(); |
26 | 530 /* V_C, the client's version string (CR and NL excluded) */ |
1250 | 531 buf_putstring(ses.kexhashbuf, ses.remoteident, remote_ident_len); |
26 | 532 /* V_S, the server's version string (CR and NL excluded) */ |
1250 | 533 buf_putstring(ses.kexhashbuf, LOCAL_IDENT, local_ident_len); |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
534 |
26 | 535 /* I_C, the payload of the client's SSH_MSG_KEXINIT */ |
1250 | 536 buf_setpos(ses.payload, ses.payload_beginning); |
537 buf_putstring(ses.kexhashbuf, | |
538 (const char*)buf_getptr(ses.payload, ses.payload->len-ses.payload->pos), | |
539 ses.payload->len-ses.payload->pos); | |
257
63601217f5ab
* options.h, common-kex.c: fix support of 4096 byte host keys
Matt Johnston <matt@ucc.asn.au>
parents:
228
diff
changeset
|
540 |
26 | 541 /* I_S, the payload of the server's SSH_MSG_KEXINIT */ |
1250 | 542 buf_putstring(ses.kexhashbuf, |
1122
aaf576b27a10
Merge pull request #13 from gazoo74/fix-warnings
Matt Johnston <matt@ucc.asn.au>
parents:
1108
diff
changeset
|
543 (const char*)ses.transkexinit->data, ses.transkexinit->len); |
257
63601217f5ab
* options.h, common-kex.c: fix support of 4096 byte host keys
Matt Johnston <matt@ucc.asn.au>
parents:
228
diff
changeset
|
544 |
886
cbc73a5aefb0
requirenext doesn't need two values
Matt Johnston <matt@ucc.asn.au>
parents:
885
diff
changeset
|
545 ses.requirenext = SSH_MSG_KEXDH_INIT; |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
546 } |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
547 |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
548 buf_free(ses.transkexinit); |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
549 ses.transkexinit = NULL; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
550 /* the rest of ses.kexhashbuf will be done after DH exchange */ |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
551 |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
552 ses.kexstate.recvkexinit = 1; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
553 |
165
0cfba3034be5
Fixed DEBUG_TRACE macro so that we don't get semicolons left about the place
Matt Johnston <matt@ucc.asn.au>
parents:
116
diff
changeset
|
554 TRACE(("leave recv_msg_kexinit")) |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
555 } |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
556 |
1702
8f93f37c01de
Allow DH to be completely disabled (#97)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
1700
diff
changeset
|
557 #if DROPBEAR_NORMAL_DH |
595
2895626d864f
Add diffie-hellman-group14-sha1 KEX method
Matt Johnston <matt@ucc.asn.au>
parents:
594
diff
changeset
|
558 static void load_dh_p(mp_int * dh_p) |
2895626d864f
Add diffie-hellman-group14-sha1 KEX method
Matt Johnston <matt@ucc.asn.au>
parents:
594
diff
changeset
|
559 { |
756 | 560 bytes_to_mp(dh_p, ses.newkeys->algo_kex->dh_p_bytes, |
561 ses.newkeys->algo_kex->dh_p_len); | |
595
2895626d864f
Add diffie-hellman-group14-sha1 KEX method
Matt Johnston <matt@ucc.asn.au>
parents:
594
diff
changeset
|
562 } |
2895626d864f
Add diffie-hellman-group14-sha1 KEX method
Matt Johnston <matt@ucc.asn.au>
parents:
594
diff
changeset
|
563 |
26 | 564 /* Initialises and generate one side of the diffie-hellman key exchange values. |
603
3aa74a4d83ae
Refer to RFCs rather than drafts, update some section references
Matt Johnston <matt@ucc.asn.au>
parents:
595
diff
changeset
|
565 * See the transport rfc 4253 section 8 for details */ |
84
29a5c7c62350
default initialisers for mp_ints
Matt Johnston <matt@ucc.asn.au>
parents:
79
diff
changeset
|
566 /* dh_pub and dh_priv MUST be already initialised */ |
755
b07eb3dc23ec
refactor kexdh code a bit, start working on ecdh etc
Matt Johnston <matt@ucc.asn.au>
parents:
712
diff
changeset
|
567 struct kex_dh_param *gen_kexdh_param() { |
855
04ede40a529a
- Some fixes for old compilers like tru64 v4 from Daniel Richard G.
Matt Johnston <matt@ucc.asn.au>
parents:
852
diff
changeset
|
568 struct kex_dh_param *param = NULL; |
26 | 569 |
84
29a5c7c62350
default initialisers for mp_ints
Matt Johnston <matt@ucc.asn.au>
parents:
79
diff
changeset
|
570 DEF_MP_INT(dh_p); |
29a5c7c62350
default initialisers for mp_ints
Matt Johnston <matt@ucc.asn.au>
parents:
79
diff
changeset
|
571 DEF_MP_INT(dh_q); |
29a5c7c62350
default initialisers for mp_ints
Matt Johnston <matt@ucc.asn.au>
parents:
79
diff
changeset
|
572 DEF_MP_INT(dh_g); |
26 | 573 |
739
d44325108d0e
first_kex_packet_follows working, needs tidying
Matt Johnston <matt@ucc.asn.au>
parents:
712
diff
changeset
|
574 TRACE(("enter gen_kexdh_vals")) |
755
b07eb3dc23ec
refactor kexdh code a bit, start working on ecdh etc
Matt Johnston <matt@ucc.asn.au>
parents:
712
diff
changeset
|
575 |
855
04ede40a529a
- Some fixes for old compilers like tru64 v4 from Daniel Richard G.
Matt Johnston <matt@ucc.asn.au>
parents:
852
diff
changeset
|
576 param = m_malloc(sizeof(*param)); |
852
7540c0822374
Various cleanups and fixes for warnings
Matt Johnston <matt@ucc.asn.au>
parents:
848
diff
changeset
|
577 m_mp_init_multi(¶m->pub, ¶m->priv, &dh_g, &dh_p, &dh_q, NULL); |
26 | 578 |
579 /* read the prime and generator*/ | |
595
2895626d864f
Add diffie-hellman-group14-sha1 KEX method
Matt Johnston <matt@ucc.asn.au>
parents:
594
diff
changeset
|
580 load_dh_p(&dh_p); |
26 | 581 |
1692
1051e4eea25a
Update LibTomMath to 1.2.0 (#84)
Steffen Jaeckel <s@jaeckel.eu>
parents:
1683
diff
changeset
|
582 mp_set_ul(&dh_g, DH_G_VAL); |
26 | 583 |
584 /* calculate q = (p-1)/2 */ | |
585 /* dh_priv is just a temp var here */ | |
755
b07eb3dc23ec
refactor kexdh code a bit, start working on ecdh etc
Matt Johnston <matt@ucc.asn.au>
parents:
712
diff
changeset
|
586 if (mp_sub_d(&dh_p, 1, ¶m->priv) != MP_OKAY) { |
26 | 587 dropbear_exit("Diffie-Hellman error"); |
588 } | |
755
b07eb3dc23ec
refactor kexdh code a bit, start working on ecdh etc
Matt Johnston <matt@ucc.asn.au>
parents:
712
diff
changeset
|
589 if (mp_div_2(¶m->priv, &dh_q) != MP_OKAY) { |
26 | 590 dropbear_exit("Diffie-Hellman error"); |
591 } | |
592 | |
188
c9483550701b
- refactored random mp_int generation and byte->mp_int code
Matt Johnston <matt@ucc.asn.au>
parents:
179
diff
changeset
|
593 /* Generate a private portion 0 < dh_priv < dh_q */ |
755
b07eb3dc23ec
refactor kexdh code a bit, start working on ecdh etc
Matt Johnston <matt@ucc.asn.au>
parents:
712
diff
changeset
|
594 gen_random_mpint(&dh_q, ¶m->priv); |
26 | 595 |
596 /* f = g^y mod p */ | |
755
b07eb3dc23ec
refactor kexdh code a bit, start working on ecdh etc
Matt Johnston <matt@ucc.asn.au>
parents:
712
diff
changeset
|
597 if (mp_exptmod(&dh_g, ¶m->priv, &dh_p, ¶m->pub) != MP_OKAY) { |
26 | 598 dropbear_exit("Diffie-Hellman error"); |
599 } | |
600 mp_clear_multi(&dh_g, &dh_p, &dh_q, NULL); | |
755
b07eb3dc23ec
refactor kexdh code a bit, start working on ecdh etc
Matt Johnston <matt@ucc.asn.au>
parents:
712
diff
changeset
|
601 return param; |
b07eb3dc23ec
refactor kexdh code a bit, start working on ecdh etc
Matt Johnston <matt@ucc.asn.au>
parents:
712
diff
changeset
|
602 } |
b07eb3dc23ec
refactor kexdh code a bit, start working on ecdh etc
Matt Johnston <matt@ucc.asn.au>
parents:
712
diff
changeset
|
603 |
b07eb3dc23ec
refactor kexdh code a bit, start working on ecdh etc
Matt Johnston <matt@ucc.asn.au>
parents:
712
diff
changeset
|
604 void free_kexdh_param(struct kex_dh_param *param) |
b07eb3dc23ec
refactor kexdh code a bit, start working on ecdh etc
Matt Johnston <matt@ucc.asn.au>
parents:
712
diff
changeset
|
605 { |
b07eb3dc23ec
refactor kexdh code a bit, start working on ecdh etc
Matt Johnston <matt@ucc.asn.au>
parents:
712
diff
changeset
|
606 mp_clear_multi(¶m->pub, ¶m->priv, NULL); |
b07eb3dc23ec
refactor kexdh code a bit, start working on ecdh etc
Matt Johnston <matt@ucc.asn.au>
parents:
712
diff
changeset
|
607 m_free(param); |
26 | 608 } |
609 | |
610 /* This function is fairly common between client/server, with some substitution | |
611 * of dh_e/dh_f etc. Hence these arguments: | |
612 * dh_pub_us is 'e' for the client, 'f' for the server. dh_pub_them is | |
613 * vice-versa. dh_priv is the x/y value corresponding to dh_pub_us */ | |
755
b07eb3dc23ec
refactor kexdh code a bit, start working on ecdh etc
Matt Johnston <matt@ucc.asn.au>
parents:
712
diff
changeset
|
614 void kexdh_comb_key(struct kex_dh_param *param, mp_int *dh_pub_them, |
26 | 615 sign_key *hostkey) { |
616 | |
1013
a1e79ffa5862
Tighten validation of DH values. Odds of x==0 being generated are
Matt Johnston <matt@ucc.asn.au>
parents:
996
diff
changeset
|
617 DEF_MP_INT(dh_p); |
a1e79ffa5862
Tighten validation of DH values. Odds of x==0 being generated are
Matt Johnston <matt@ucc.asn.au>
parents:
996
diff
changeset
|
618 DEF_MP_INT(dh_p_min1); |
26 | 619 mp_int *dh_e = NULL, *dh_f = NULL; |
620 | |
1013
a1e79ffa5862
Tighten validation of DH values. Odds of x==0 being generated are
Matt Johnston <matt@ucc.asn.au>
parents:
996
diff
changeset
|
621 m_mp_init_multi(&dh_p, &dh_p_min1, NULL); |
595
2895626d864f
Add diffie-hellman-group14-sha1 KEX method
Matt Johnston <matt@ucc.asn.au>
parents:
594
diff
changeset
|
622 load_dh_p(&dh_p); |
26 | 623 |
1013
a1e79ffa5862
Tighten validation of DH values. Odds of x==0 being generated are
Matt Johnston <matt@ucc.asn.au>
parents:
996
diff
changeset
|
624 if (mp_sub_d(&dh_p, 1, &dh_p_min1) != MP_OKAY) { |
a1e79ffa5862
Tighten validation of DH values. Odds of x==0 being generated are
Matt Johnston <matt@ucc.asn.au>
parents:
996
diff
changeset
|
625 dropbear_exit("Diffie-Hellman error"); |
a1e79ffa5862
Tighten validation of DH values. Odds of x==0 being generated are
Matt Johnston <matt@ucc.asn.au>
parents:
996
diff
changeset
|
626 } |
a1e79ffa5862
Tighten validation of DH values. Odds of x==0 being generated are
Matt Johnston <matt@ucc.asn.au>
parents:
996
diff
changeset
|
627 |
a1e79ffa5862
Tighten validation of DH values. Odds of x==0 being generated are
Matt Johnston <matt@ucc.asn.au>
parents:
996
diff
changeset
|
628 /* Check that dh_pub_them (dh_e or dh_f) is in the range [2, p-2] */ |
a1e79ffa5862
Tighten validation of DH values. Odds of x==0 being generated are
Matt Johnston <matt@ucc.asn.au>
parents:
996
diff
changeset
|
629 if (mp_cmp(dh_pub_them, &dh_p_min1) != MP_LT |
a1e79ffa5862
Tighten validation of DH values. Odds of x==0 being generated are
Matt Johnston <matt@ucc.asn.au>
parents:
996
diff
changeset
|
630 || mp_cmp_d(dh_pub_them, 1) != MP_GT) { |
26 | 631 dropbear_exit("Diffie-Hellman error"); |
632 } | |
633 | |
634 /* K = e^y mod p = f^x mod p */ | |
805
724c3e0c8734
Add m_mp_alloc_init_multi() helper
Matt Johnston <matt@ucc.asn.au>
parents:
801
diff
changeset
|
635 m_mp_alloc_init_multi(&ses.dh_K, NULL); |
755
b07eb3dc23ec
refactor kexdh code a bit, start working on ecdh etc
Matt Johnston <matt@ucc.asn.au>
parents:
712
diff
changeset
|
636 if (mp_exptmod(dh_pub_them, ¶m->priv, &dh_p, ses.dh_K) != MP_OKAY) { |
26 | 637 dropbear_exit("Diffie-Hellman error"); |
638 } | |
639 | |
640 /* clear no longer needed vars */ | |
1013
a1e79ffa5862
Tighten validation of DH values. Odds of x==0 being generated are
Matt Johnston <matt@ucc.asn.au>
parents:
996
diff
changeset
|
641 mp_clear_multi(&dh_p, &dh_p_min1, NULL); |
26 | 642 |
643 /* From here on, the code needs to work with the _same_ vars on each side, | |
644 * not vice-versaing for client/server */ | |
645 if (IS_DROPBEAR_CLIENT) { | |
755
b07eb3dc23ec
refactor kexdh code a bit, start working on ecdh etc
Matt Johnston <matt@ucc.asn.au>
parents:
712
diff
changeset
|
646 dh_e = ¶m->pub; |
26 | 647 dh_f = dh_pub_them; |
648 } else { | |
649 dh_e = dh_pub_them; | |
755
b07eb3dc23ec
refactor kexdh code a bit, start working on ecdh etc
Matt Johnston <matt@ucc.asn.au>
parents:
712
diff
changeset
|
650 dh_f = ¶m->pub; |
26 | 651 } |
652 | |
653 /* Create the remainder of the hash buffer, to generate the exchange hash */ | |
654 /* K_S, the host key */ | |
655 buf_put_pub_key(ses.kexhashbuf, hostkey, ses.newkeys->algo_hostkey); | |
656 /* e, exchange value sent by the client */ | |
657 buf_putmpint(ses.kexhashbuf, dh_e); | |
658 /* f, exchange value sent by the server */ | |
659 buf_putmpint(ses.kexhashbuf, dh_f); | |
660 /* K, the shared secret */ | |
661 buf_putmpint(ses.kexhashbuf, ses.dh_K); | |
662 | |
663 /* calculate the hash H to sign */ | |
761
ac2158e3e403
ecc kind of works, needs fixing/testing
Matt Johnston <matt@ucc.asn.au>
parents:
759
diff
changeset
|
664 finish_kexhashbuf(); |
26 | 665 } |
1702
8f93f37c01de
Allow DH to be completely disabled (#97)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
1700
diff
changeset
|
666 #endif |
26 | 667 |
1295
750ec4ec4cbe
Convert #ifdef to #if, other build changes
Matt Johnston <matt@ucc.asn.au>
parents:
1276
diff
changeset
|
668 #if DROPBEAR_ECDH |
755
b07eb3dc23ec
refactor kexdh code a bit, start working on ecdh etc
Matt Johnston <matt@ucc.asn.au>
parents:
712
diff
changeset
|
669 struct kex_ecdh_param *gen_kexecdh_param() { |
b07eb3dc23ec
refactor kexdh code a bit, start working on ecdh etc
Matt Johnston <matt@ucc.asn.au>
parents:
712
diff
changeset
|
670 struct kex_ecdh_param *param = m_malloc(sizeof(*param)); |
756 | 671 if (ecc_make_key_ex(NULL, dropbear_ltc_prng, |
759
76fba0856749
More changes for KEX and ECDH. Set up hash descriptors, make ECC code work,
Matt Johnston <matt@ucc.asn.au>
parents:
757
diff
changeset
|
672 ¶m->key, ses.newkeys->algo_kex->ecc_curve->dp) != CRYPT_OK) { |
76fba0856749
More changes for KEX and ECDH. Set up hash descriptors, make ECC code work,
Matt Johnston <matt@ucc.asn.au>
parents:
757
diff
changeset
|
673 dropbear_exit("ECC error"); |
756 | 674 } |
675 return param; | |
676 } | |
677 | |
678 void free_kexecdh_param(struct kex_ecdh_param *param) { | |
679 ecc_free(¶m->key); | |
680 m_free(param); | |
681 | |
755
b07eb3dc23ec
refactor kexdh code a bit, start working on ecdh etc
Matt Johnston <matt@ucc.asn.au>
parents:
712
diff
changeset
|
682 } |
b07eb3dc23ec
refactor kexdh code a bit, start working on ecdh etc
Matt Johnston <matt@ucc.asn.au>
parents:
712
diff
changeset
|
683 void kexecdh_comb_key(struct kex_ecdh_param *param, buffer *pub_them, |
756 | 684 sign_key *hostkey) { |
759
76fba0856749
More changes for KEX and ECDH. Set up hash descriptors, make ECC code work,
Matt Johnston <matt@ucc.asn.au>
parents:
757
diff
changeset
|
685 const struct dropbear_kex *algo_kex = ses.newkeys->algo_kex; |
857 | 686 /* public keys from client and server */ |
756 | 687 ecc_key *Q_C, *Q_S, *Q_them; |
688 | |
765
5503e05ab3a4
- Rename buf_put_ecc_pubkey_string() to buf_put_ecc_raw_pubkey_string()
Matt Johnston <matt@ucc.asn.au>
parents:
763
diff
changeset
|
689 Q_them = buf_get_ecc_raw_pubkey(pub_them, algo_kex->ecc_curve); |
1128
a9e074b78cd5
check ecc key return, fix null pointer crash
Matt Johnston <matt@ucc.asn.au>
parents:
1124
diff
changeset
|
690 if (Q_them == NULL) { |
a9e074b78cd5
check ecc key return, fix null pointer crash
Matt Johnston <matt@ucc.asn.au>
parents:
1124
diff
changeset
|
691 dropbear_exit("ECC error"); |
a9e074b78cd5
check ecc key return, fix null pointer crash
Matt Johnston <matt@ucc.asn.au>
parents:
1124
diff
changeset
|
692 } |
757 | 693 |
761
ac2158e3e403
ecc kind of works, needs fixing/testing
Matt Johnston <matt@ucc.asn.au>
parents:
759
diff
changeset
|
694 ses.dh_K = dropbear_ecc_shared_secret(Q_them, ¶m->key); |
756 | 695 |
848 | 696 /* Create the remainder of the hash buffer, to generate the exchange hash |
697 See RFC5656 section 4 page 7 */ | |
756 | 698 if (IS_DROPBEAR_CLIENT) { |
761
ac2158e3e403
ecc kind of works, needs fixing/testing
Matt Johnston <matt@ucc.asn.au>
parents:
759
diff
changeset
|
699 Q_C = ¶m->key; |
759
76fba0856749
More changes for KEX and ECDH. Set up hash descriptors, make ECC code work,
Matt Johnston <matt@ucc.asn.au>
parents:
757
diff
changeset
|
700 Q_S = Q_them; |
756 | 701 } else { |
759
76fba0856749
More changes for KEX and ECDH. Set up hash descriptors, make ECC code work,
Matt Johnston <matt@ucc.asn.au>
parents:
757
diff
changeset
|
702 Q_C = Q_them; |
761
ac2158e3e403
ecc kind of works, needs fixing/testing
Matt Johnston <matt@ucc.asn.au>
parents:
759
diff
changeset
|
703 Q_S = ¶m->key; |
756 | 704 } |
705 | |
706 /* K_S, the host key */ | |
707 buf_put_pub_key(ses.kexhashbuf, hostkey, ses.newkeys->algo_hostkey); | |
759
76fba0856749
More changes for KEX and ECDH. Set up hash descriptors, make ECC code work,
Matt Johnston <matt@ucc.asn.au>
parents:
757
diff
changeset
|
708 /* Q_C, client's ephemeral public key octet string */ |
765
5503e05ab3a4
- Rename buf_put_ecc_pubkey_string() to buf_put_ecc_raw_pubkey_string()
Matt Johnston <matt@ucc.asn.au>
parents:
763
diff
changeset
|
709 buf_put_ecc_raw_pubkey_string(ses.kexhashbuf, Q_C); |
759
76fba0856749
More changes for KEX and ECDH. Set up hash descriptors, make ECC code work,
Matt Johnston <matt@ucc.asn.au>
parents:
757
diff
changeset
|
710 /* Q_S, server's ephemeral public key octet string */ |
765
5503e05ab3a4
- Rename buf_put_ecc_pubkey_string() to buf_put_ecc_raw_pubkey_string()
Matt Johnston <matt@ucc.asn.au>
parents:
763
diff
changeset
|
711 buf_put_ecc_raw_pubkey_string(ses.kexhashbuf, Q_S); |
756 | 712 /* K, the shared secret */ |
713 buf_putmpint(ses.kexhashbuf, ses.dh_K); | |
714 | |
1607
0bdbb9ecc403
avoid leak of ecdh public key
Matt Johnston <matt@ucc.asn.au>
parents:
1558
diff
changeset
|
715 ecc_free(Q_them); |
0bdbb9ecc403
avoid leak of ecdh public key
Matt Johnston <matt@ucc.asn.au>
parents:
1558
diff
changeset
|
716 m_free(Q_them); |
0bdbb9ecc403
avoid leak of ecdh public key
Matt Johnston <matt@ucc.asn.au>
parents:
1558
diff
changeset
|
717 |
756 | 718 /* calculate the hash H to sign */ |
761
ac2158e3e403
ecc kind of works, needs fixing/testing
Matt Johnston <matt@ucc.asn.au>
parents:
759
diff
changeset
|
719 finish_kexhashbuf(); |
ac2158e3e403
ecc kind of works, needs fixing/testing
Matt Johnston <matt@ucc.asn.au>
parents:
759
diff
changeset
|
720 } |
848 | 721 #endif /* DROPBEAR_ECDH */ |
722 | |
1295
750ec4ec4cbe
Convert #ifdef to #if, other build changes
Matt Johnston <matt@ucc.asn.au>
parents:
1276
diff
changeset
|
723 #if DROPBEAR_CURVE25519 |
1659
d32bcb5c557d
Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
1607
diff
changeset
|
724 struct kex_curve25519_param *gen_kexcurve25519_param() { |
848 | 725 /* Per http://cr.yp.to/ecdh.html */ |
726 struct kex_curve25519_param *param = m_malloc(sizeof(*param)); | |
727 const unsigned char basepoint[32] = {9}; | |
728 | |
729 genrandom(param->priv, CURVE25519_LEN); | |
1659
d32bcb5c557d
Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
1607
diff
changeset
|
730 dropbear_curve25519_scalarmult(param->pub, param->priv, basepoint); |
848 | 731 |
732 return param; | |
733 } | |
734 | |
1659
d32bcb5c557d
Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
1607
diff
changeset
|
735 void free_kexcurve25519_param(struct kex_curve25519_param *param) { |
848 | 736 m_burn(param->priv, CURVE25519_LEN); |
737 m_free(param); | |
738 } | |
739 | |
1459
06d52bcb8094
Pointer parameter could be declared as pointing to const
Francois Perrad <francois.perrad@gadz.org>
parents:
1402
diff
changeset
|
740 void kexcurve25519_comb_key(const struct kex_curve25519_param *param, const buffer *buf_pub_them, |
848 | 741 sign_key *hostkey) { |
852
7540c0822374
Various cleanups and fixes for warnings
Matt Johnston <matt@ucc.asn.au>
parents:
848
diff
changeset
|
742 unsigned char out[CURVE25519_LEN]; |
848 | 743 const unsigned char* Q_C = NULL; |
744 const unsigned char* Q_S = NULL; | |
1175
1b8afc698e39
check for zero K value from curve25519
Matt Johnston <matt@ucc.asn.au>
parents:
1128
diff
changeset
|
745 char zeroes[CURVE25519_LEN] = {0}; |
848 | 746 |
747 if (buf_pub_them->len != CURVE25519_LEN) | |
748 { | |
749 dropbear_exit("Bad curve25519"); | |
750 } | |
751 | |
1659
d32bcb5c557d
Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
1607
diff
changeset
|
752 dropbear_curve25519_scalarmult(out, param->priv, buf_pub_them->data); |
1175
1b8afc698e39
check for zero K value from curve25519
Matt Johnston <matt@ucc.asn.au>
parents:
1128
diff
changeset
|
753 |
1b8afc698e39
check for zero K value from curve25519
Matt Johnston <matt@ucc.asn.au>
parents:
1128
diff
changeset
|
754 if (constant_time_memcmp(zeroes, out, CURVE25519_LEN) == 0) { |
1b8afc698e39
check for zero K value from curve25519
Matt Johnston <matt@ucc.asn.au>
parents:
1128
diff
changeset
|
755 dropbear_exit("Bad curve25519"); |
1b8afc698e39
check for zero K value from curve25519
Matt Johnston <matt@ucc.asn.au>
parents:
1128
diff
changeset
|
756 } |
1b8afc698e39
check for zero K value from curve25519
Matt Johnston <matt@ucc.asn.au>
parents:
1128
diff
changeset
|
757 |
852
7540c0822374
Various cleanups and fixes for warnings
Matt Johnston <matt@ucc.asn.au>
parents:
848
diff
changeset
|
758 m_mp_alloc_init_multi(&ses.dh_K, NULL); |
848 | 759 bytes_to_mp(ses.dh_K, out, CURVE25519_LEN); |
852
7540c0822374
Various cleanups and fixes for warnings
Matt Johnston <matt@ucc.asn.au>
parents:
848
diff
changeset
|
760 m_burn(out, sizeof(out)); |
848 | 761 |
762 /* Create the remainder of the hash buffer, to generate the exchange hash. | |
763 See RFC5656 section 4 page 7 */ | |
764 if (IS_DROPBEAR_CLIENT) { | |
765 Q_C = param->pub; | |
766 Q_S = buf_pub_them->data; | |
767 } else { | |
768 Q_S = param->pub; | |
769 Q_C = buf_pub_them->data; | |
770 } | |
771 | |
772 /* K_S, the host key */ | |
773 buf_put_pub_key(ses.kexhashbuf, hostkey, ses.newkeys->algo_hostkey); | |
774 /* Q_C, client's ephemeral public key octet string */ | |
1122
aaf576b27a10
Merge pull request #13 from gazoo74/fix-warnings
Matt Johnston <matt@ucc.asn.au>
parents:
1108
diff
changeset
|
775 buf_putstring(ses.kexhashbuf, (const char*)Q_C, CURVE25519_LEN); |
848 | 776 /* Q_S, server's ephemeral public key octet string */ |
1122
aaf576b27a10
Merge pull request #13 from gazoo74/fix-warnings
Matt Johnston <matt@ucc.asn.au>
parents:
1108
diff
changeset
|
777 buf_putstring(ses.kexhashbuf, (const char*)Q_S, CURVE25519_LEN); |
848 | 778 /* K, the shared secret */ |
779 buf_putmpint(ses.kexhashbuf, ses.dh_K); | |
780 | |
781 /* calculate the hash H to sign */ | |
782 finish_kexhashbuf(); | |
783 } | |
784 #endif /* DROPBEAR_CURVE25519 */ | |
785 | |
786 | |
1456
a90fdd2d2ed8
add fuzzer-preauth_nomaths
Matt Johnston <matt@ucc.asn.au>
parents:
1411
diff
changeset
|
787 void finish_kexhashbuf(void) { |
761
ac2158e3e403
ecc kind of works, needs fixing/testing
Matt Johnston <matt@ucc.asn.au>
parents:
759
diff
changeset
|
788 hash_state hs; |
793
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
766
diff
changeset
|
789 const struct ltc_hash_descriptor *hash_desc = ses.newkeys->algo_kex->hash_desc; |
761
ac2158e3e403
ecc kind of works, needs fixing/testing
Matt Johnston <matt@ucc.asn.au>
parents:
759
diff
changeset
|
790 |
793
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
766
diff
changeset
|
791 hash_desc->init(&hs); |
26 | 792 buf_setpos(ses.kexhashbuf, 0); |
793
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
766
diff
changeset
|
793 hash_desc->process(&hs, buf_getptr(ses.kexhashbuf, ses.kexhashbuf->len), |
26 | 794 ses.kexhashbuf->len); |
793
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
766
diff
changeset
|
795 ses.hash = buf_new(hash_desc->hashsize); |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
766
diff
changeset
|
796 hash_desc->done(&hs, buf_getwriteptr(ses.hash, hash_desc->hashsize)); |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
766
diff
changeset
|
797 buf_setlen(ses.hash, hash_desc->hashsize); |
35
0ad5fb979f42
set the isserver flag (oops)
Matt Johnston <matt@ucc.asn.au>
parents:
34
diff
changeset
|
798 |
1402
553c6bb80265
fix DEBUG_* condition
Francois Perrad <francois.perrad@gadz.org>
parents:
1295
diff
changeset
|
799 #if defined(DEBUG_KEXHASH) && DEBUG_TRACE |
907
4a74c58e11fc
Make some debug info conditional
Matt Johnston <matt@ucc.asn.au>
parents:
886
diff
changeset
|
800 if (!debug_trace) { |
4a74c58e11fc
Make some debug info conditional
Matt Johnston <matt@ucc.asn.au>
parents:
886
diff
changeset
|
801 printhex("kexhashbuf", ses.kexhashbuf->data, ses.kexhashbuf->len); |
4a74c58e11fc
Make some debug info conditional
Matt Johnston <matt@ucc.asn.au>
parents:
886
diff
changeset
|
802 printhex("kexhash", ses.hash->data, ses.hash->len); |
4a74c58e11fc
Make some debug info conditional
Matt Johnston <matt@ucc.asn.au>
parents:
886
diff
changeset
|
803 } |
883
ff597bf2cfb0
DROPBEAR_CLI_AUTH_IMMEDIATE fixed, now enabled by default
Matt Johnston <matt@ucc.asn.au>
parents:
858
diff
changeset
|
804 #endif |
ff597bf2cfb0
DROPBEAR_CLI_AUTH_IMMEDIATE fixed, now enabled by default
Matt Johnston <matt@ucc.asn.au>
parents:
858
diff
changeset
|
805 |
35
0ad5fb979f42
set the isserver flag (oops)
Matt Johnston <matt@ucc.asn.au>
parents:
34
diff
changeset
|
806 buf_burn(ses.kexhashbuf); |
26 | 807 buf_free(ses.kexhashbuf); |
987
ed85797bbc85
clear hash state memory after use
Matt Johnston <matt@ucc.asn.au>
parents:
928
diff
changeset
|
808 m_burn(&hs, sizeof(hash_state)); |
26 | 809 ses.kexhashbuf = NULL; |
810 | |
811 /* first time around, we set the session_id to H */ | |
812 if (ses.session_id == NULL) { | |
813 /* create the session_id, this never needs freeing */ | |
761
ac2158e3e403
ecc kind of works, needs fixing/testing
Matt Johnston <matt@ucc.asn.au>
parents:
759
diff
changeset
|
814 ses.session_id = buf_newcopy(ses.hash); |
26 | 815 } |
816 } | |
817 | |
818 /* read the other side's algo list. buf_match_algo is a callback to match | |
819 * algos for the client or server. */ | |
33 | 820 static void read_kex_algos() { |
26 | 821 |
36
a600c015562d
Handle differing c2s and s2c algorithms properly
Matt Johnston <matt@ucc.asn.au>
parents:
35
diff
changeset
|
822 /* for asymmetry */ |
a600c015562d
Handle differing c2s and s2c algorithms properly
Matt Johnston <matt@ucc.asn.au>
parents:
35
diff
changeset
|
823 algo_type * c2s_hash_algo = NULL; |
a600c015562d
Handle differing c2s and s2c algorithms properly
Matt Johnston <matt@ucc.asn.au>
parents:
35
diff
changeset
|
824 algo_type * s2c_hash_algo = NULL; |
a600c015562d
Handle differing c2s and s2c algorithms properly
Matt Johnston <matt@ucc.asn.au>
parents:
35
diff
changeset
|
825 algo_type * c2s_cipher_algo = NULL; |
a600c015562d
Handle differing c2s and s2c algorithms properly
Matt Johnston <matt@ucc.asn.au>
parents:
35
diff
changeset
|
826 algo_type * s2c_cipher_algo = NULL; |
a600c015562d
Handle differing c2s and s2c algorithms properly
Matt Johnston <matt@ucc.asn.au>
parents:
35
diff
changeset
|
827 algo_type * c2s_comp_algo = NULL; |
a600c015562d
Handle differing c2s and s2c algorithms properly
Matt Johnston <matt@ucc.asn.au>
parents:
35
diff
changeset
|
828 algo_type * s2c_comp_algo = NULL; |
a600c015562d
Handle differing c2s and s2c algorithms properly
Matt Johnston <matt@ucc.asn.au>
parents:
35
diff
changeset
|
829 /* the generic one */ |
a600c015562d
Handle differing c2s and s2c algorithms properly
Matt Johnston <matt@ucc.asn.au>
parents:
35
diff
changeset
|
830 algo_type * algo = NULL; |
a600c015562d
Handle differing c2s and s2c algorithms properly
Matt Johnston <matt@ucc.asn.au>
parents:
35
diff
changeset
|
831 |
a600c015562d
Handle differing c2s and s2c algorithms properly
Matt Johnston <matt@ucc.asn.au>
parents:
35
diff
changeset
|
832 /* which algo couldn't match */ |
26 | 833 char * erralgo = NULL; |
834 | |
835 int goodguess = 0; | |
836 int allgood = 1; /* we AND this with each goodguess and see if its still | |
837 true after */ | |
1676
d5cdc60db08e
ext-info handling for server-sig-algs
Matt Johnston <matt@ucc.asn.au>
parents:
1674
diff
changeset
|
838 int kexguess2 = 0; |
740 | 839 |
855
04ede40a529a
- Some fixes for old compilers like tru64 v4 from Daniel Richard G.
Matt Johnston <matt@ucc.asn.au>
parents:
852
diff
changeset
|
840 buf_incrpos(ses.payload, 16); /* start after the cookie */ |
04ede40a529a
- Some fixes for old compilers like tru64 v4 from Daniel Richard G.
Matt Johnston <matt@ucc.asn.au>
parents:
852
diff
changeset
|
841 |
04ede40a529a
- Some fixes for old compilers like tru64 v4 from Daniel Richard G.
Matt Johnston <matt@ucc.asn.au>
parents:
852
diff
changeset
|
842 memset(ses.newkeys, 0x0, sizeof(*ses.newkeys)); |
04ede40a529a
- Some fixes for old compilers like tru64 v4 from Daniel Richard G.
Matt Johnston <matt@ucc.asn.au>
parents:
852
diff
changeset
|
843 |
26 | 844 /* kex_algorithms */ |
1676
d5cdc60db08e
ext-info handling for server-sig-algs
Matt Johnston <matt@ucc.asn.au>
parents:
1674
diff
changeset
|
845 #if DROPBEAR_KEXGUESS2 |
d5cdc60db08e
ext-info handling for server-sig-algs
Matt Johnston <matt@ucc.asn.au>
parents:
1674
diff
changeset
|
846 if (buf_has_algo(ses.payload, KEXGUESS2_ALGO_NAME) == DROPBEAR_SUCCESS) { |
d5cdc60db08e
ext-info handling for server-sig-algs
Matt Johnston <matt@ucc.asn.au>
parents:
1674
diff
changeset
|
847 kexguess2 = 1; |
d5cdc60db08e
ext-info handling for server-sig-algs
Matt Johnston <matt@ucc.asn.au>
parents:
1674
diff
changeset
|
848 } |
d5cdc60db08e
ext-info handling for server-sig-algs
Matt Johnston <matt@ucc.asn.au>
parents:
1674
diff
changeset
|
849 #endif |
d5cdc60db08e
ext-info handling for server-sig-algs
Matt Johnston <matt@ucc.asn.au>
parents:
1674
diff
changeset
|
850 |
1681
435cfb9ec96e
send and handle SSH_MSG_EXT_INFO only at the correct point
Matt Johnston <matt@ucc.asn.au>
parents:
1678
diff
changeset
|
851 #if DROPBEAR_EXT_INFO |
1676
d5cdc60db08e
ext-info handling for server-sig-algs
Matt Johnston <matt@ucc.asn.au>
parents:
1674
diff
changeset
|
852 /* Determine if SSH_MSG_EXT_INFO messages should be sent. |
1678
4b4cfc92c5b7
Make server send SSH_MSG_EXT_INFO
Matt Johnston <matt@ucc.asn.au>
parents:
1676
diff
changeset
|
853 Should be done for the first key exchange. Only required on server side |
4b4cfc92c5b7
Make server send SSH_MSG_EXT_INFO
Matt Johnston <matt@ucc.asn.au>
parents:
1676
diff
changeset
|
854 for server-sig-algs */ |
4b4cfc92c5b7
Make server send SSH_MSG_EXT_INFO
Matt Johnston <matt@ucc.asn.au>
parents:
1676
diff
changeset
|
855 if (IS_DROPBEAR_SERVER) { |
4b4cfc92c5b7
Make server send SSH_MSG_EXT_INFO
Matt Johnston <matt@ucc.asn.au>
parents:
1676
diff
changeset
|
856 if (!ses.kexstate.donefirstkex) { |
1676
d5cdc60db08e
ext-info handling for server-sig-algs
Matt Johnston <matt@ucc.asn.au>
parents:
1674
diff
changeset
|
857 if (buf_has_algo(ses.payload, SSH_EXT_INFO_C) == DROPBEAR_SUCCESS) { |
d5cdc60db08e
ext-info handling for server-sig-algs
Matt Johnston <matt@ucc.asn.au>
parents:
1674
diff
changeset
|
858 ses.allow_ext_info = 1; |
d5cdc60db08e
ext-info handling for server-sig-algs
Matt Johnston <matt@ucc.asn.au>
parents:
1674
diff
changeset
|
859 } |
d5cdc60db08e
ext-info handling for server-sig-algs
Matt Johnston <matt@ucc.asn.au>
parents:
1674
diff
changeset
|
860 } |
d5cdc60db08e
ext-info handling for server-sig-algs
Matt Johnston <matt@ucc.asn.au>
parents:
1674
diff
changeset
|
861 } |
1681
435cfb9ec96e
send and handle SSH_MSG_EXT_INFO only at the correct point
Matt Johnston <matt@ucc.asn.au>
parents:
1678
diff
changeset
|
862 #endif |
1676
d5cdc60db08e
ext-info handling for server-sig-algs
Matt Johnston <matt@ucc.asn.au>
parents:
1674
diff
changeset
|
863 |
d5cdc60db08e
ext-info handling for server-sig-algs
Matt Johnston <matt@ucc.asn.au>
parents:
1674
diff
changeset
|
864 algo = buf_match_algo(ses.payload, sshkex, kexguess2, &goodguess); |
26 | 865 allgood &= goodguess; |
1676
d5cdc60db08e
ext-info handling for server-sig-algs
Matt Johnston <matt@ucc.asn.au>
parents:
1674
diff
changeset
|
866 if (algo == NULL || algo->data == NULL) { |
d5cdc60db08e
ext-info handling for server-sig-algs
Matt Johnston <matt@ucc.asn.au>
parents:
1674
diff
changeset
|
867 /* kexguess2, ext-info-c, ext-info-s should not match negotiation */ |
26 | 868 erralgo = "kex"; |
869 goto error; | |
870 } | |
740 | 871 TRACE(("kexguess2 %d", kexguess2)) |
165
0cfba3034be5
Fixed DEBUG_TRACE macro so that we don't get semicolons left about the place
Matt Johnston <matt@ucc.asn.au>
parents:
116
diff
changeset
|
872 TRACE(("kex algo %s", algo->name)) |
756 | 873 ses.newkeys->algo_kex = algo->data; |
26 | 874 |
875 /* server_host_key_algorithms */ | |
1678
4b4cfc92c5b7
Make server send SSH_MSG_EXT_INFO
Matt Johnston <matt@ucc.asn.au>
parents:
1676
diff
changeset
|
876 algo = buf_match_algo(ses.payload, sigalgs, kexguess2, &goodguess); |
26 | 877 allgood &= goodguess; |
878 if (algo == NULL) { | |
879 erralgo = "hostkey"; | |
880 goto error; | |
881 } | |
1674
ba6fc7afe1c5
use sigtype where appropriate
Matt Johnston <matt@ucc.asn.au>
parents:
1659
diff
changeset
|
882 TRACE(("signature algo %s", algo->name)) |
ba6fc7afe1c5
use sigtype where appropriate
Matt Johnston <matt@ucc.asn.au>
parents:
1659
diff
changeset
|
883 ses.newkeys->algo_signature = algo->val; |
ba6fc7afe1c5
use sigtype where appropriate
Matt Johnston <matt@ucc.asn.au>
parents:
1659
diff
changeset
|
884 ses.newkeys->algo_hostkey = signkey_type_from_signature(ses.newkeys->algo_signature); |
26 | 885 |
886 /* encryption_algorithms_client_to_server */ | |
1678
4b4cfc92c5b7
Make server send SSH_MSG_EXT_INFO
Matt Johnston <matt@ucc.asn.au>
parents:
1676
diff
changeset
|
887 c2s_cipher_algo = buf_match_algo(ses.payload, sshciphers, 0, NULL); |
116
2010f4119c1a
Check for non-matching algos properly
Matt Johnston <matt@ucc.asn.au>
parents:
84
diff
changeset
|
888 if (c2s_cipher_algo == NULL) { |
26 | 889 erralgo = "enc c->s"; |
890 goto error; | |
891 } | |
228
5e4110bb753a
- Fixed twofish algorithm naming so it actually works.
Matt Johnston <matt@ucc.asn.au>
parents:
227
diff
changeset
|
892 TRACE(("enc c2s is %s", c2s_cipher_algo->name)) |
26 | 893 |
894 /* encryption_algorithms_server_to_client */ | |
1678
4b4cfc92c5b7
Make server send SSH_MSG_EXT_INFO
Matt Johnston <matt@ucc.asn.au>
parents:
1676
diff
changeset
|
895 s2c_cipher_algo = buf_match_algo(ses.payload, sshciphers, 0, NULL); |
116
2010f4119c1a
Check for non-matching algos properly
Matt Johnston <matt@ucc.asn.au>
parents:
84
diff
changeset
|
896 if (s2c_cipher_algo == NULL) { |
26 | 897 erralgo = "enc s->c"; |
898 goto error; | |
899 } | |
228
5e4110bb753a
- Fixed twofish algorithm naming so it actually works.
Matt Johnston <matt@ucc.asn.au>
parents:
227
diff
changeset
|
900 TRACE(("enc s2c is %s", s2c_cipher_algo->name)) |
26 | 901 |
902 /* mac_algorithms_client_to_server */ | |
1678
4b4cfc92c5b7
Make server send SSH_MSG_EXT_INFO
Matt Johnston <matt@ucc.asn.au>
parents:
1676
diff
changeset
|
903 c2s_hash_algo = buf_match_algo(ses.payload, sshhashes, 0, NULL); |
1672
3a97f14c0235
Add Chacha20-Poly1305, AES128-GCM and AES256-GCM support (#93)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
1659
diff
changeset
|
904 #if DROPBEAR_AEAD_MODE |
3a97f14c0235
Add Chacha20-Poly1305, AES128-GCM and AES256-GCM support (#93)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
1659
diff
changeset
|
905 if (((struct dropbear_cipher_mode*)c2s_cipher_algo->mode)->aead_crypt != NULL) { |
3a97f14c0235
Add Chacha20-Poly1305, AES128-GCM and AES256-GCM support (#93)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
1659
diff
changeset
|
906 c2s_hash_algo = NULL; |
3a97f14c0235
Add Chacha20-Poly1305, AES128-GCM and AES256-GCM support (#93)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
1659
diff
changeset
|
907 } else |
3a97f14c0235
Add Chacha20-Poly1305, AES128-GCM and AES256-GCM support (#93)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
1659
diff
changeset
|
908 #endif |
116
2010f4119c1a
Check for non-matching algos properly
Matt Johnston <matt@ucc.asn.au>
parents:
84
diff
changeset
|
909 if (c2s_hash_algo == NULL) { |
26 | 910 erralgo = "mac c->s"; |
911 goto error; | |
912 } | |
1672
3a97f14c0235
Add Chacha20-Poly1305, AES128-GCM and AES256-GCM support (#93)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
1659
diff
changeset
|
913 TRACE(("hash c2s is %s", c2s_hash_algo ? c2s_hash_algo->name : "<implicit>")) |
26 | 914 |
915 /* mac_algorithms_server_to_client */ | |
1678
4b4cfc92c5b7
Make server send SSH_MSG_EXT_INFO
Matt Johnston <matt@ucc.asn.au>
parents:
1676
diff
changeset
|
916 s2c_hash_algo = buf_match_algo(ses.payload, sshhashes, 0, NULL); |
1672
3a97f14c0235
Add Chacha20-Poly1305, AES128-GCM and AES256-GCM support (#93)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
1659
diff
changeset
|
917 #if DROPBEAR_AEAD_MODE |
3a97f14c0235
Add Chacha20-Poly1305, AES128-GCM and AES256-GCM support (#93)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
1659
diff
changeset
|
918 if (((struct dropbear_cipher_mode*)s2c_cipher_algo->mode)->aead_crypt != NULL) { |
3a97f14c0235
Add Chacha20-Poly1305, AES128-GCM and AES256-GCM support (#93)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
1659
diff
changeset
|
919 s2c_hash_algo = NULL; |
3a97f14c0235
Add Chacha20-Poly1305, AES128-GCM and AES256-GCM support (#93)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
1659
diff
changeset
|
920 } else |
3a97f14c0235
Add Chacha20-Poly1305, AES128-GCM and AES256-GCM support (#93)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
1659
diff
changeset
|
921 #endif |
116
2010f4119c1a
Check for non-matching algos properly
Matt Johnston <matt@ucc.asn.au>
parents:
84
diff
changeset
|
922 if (s2c_hash_algo == NULL) { |
26 | 923 erralgo = "mac s->c"; |
924 goto error; | |
925 } | |
1672
3a97f14c0235
Add Chacha20-Poly1305, AES128-GCM and AES256-GCM support (#93)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
1659
diff
changeset
|
926 TRACE(("hash s2c is %s", s2c_hash_algo ? s2c_hash_algo->name : "<implicit>")) |
26 | 927 |
928 /* compression_algorithms_client_to_server */ | |
1678
4b4cfc92c5b7
Make server send SSH_MSG_EXT_INFO
Matt Johnston <matt@ucc.asn.au>
parents:
1676
diff
changeset
|
929 c2s_comp_algo = buf_match_algo(ses.payload, ses.compress_algos, 0, NULL); |
116
2010f4119c1a
Check for non-matching algos properly
Matt Johnston <matt@ucc.asn.au>
parents:
84
diff
changeset
|
930 if (c2s_comp_algo == NULL) { |
26 | 931 erralgo = "comp c->s"; |
932 goto error; | |
933 } | |
228
5e4110bb753a
- Fixed twofish algorithm naming so it actually works.
Matt Johnston <matt@ucc.asn.au>
parents:
227
diff
changeset
|
934 TRACE(("hash c2s is %s", c2s_comp_algo->name)) |
26 | 935 |
936 /* compression_algorithms_server_to_client */ | |
1678
4b4cfc92c5b7
Make server send SSH_MSG_EXT_INFO
Matt Johnston <matt@ucc.asn.au>
parents:
1676
diff
changeset
|
937 s2c_comp_algo = buf_match_algo(ses.payload, ses.compress_algos, 0, NULL); |
116
2010f4119c1a
Check for non-matching algos properly
Matt Johnston <matt@ucc.asn.au>
parents:
84
diff
changeset
|
938 if (s2c_comp_algo == NULL) { |
26 | 939 erralgo = "comp s->c"; |
940 goto error; | |
941 } | |
228
5e4110bb753a
- Fixed twofish algorithm naming so it actually works.
Matt Johnston <matt@ucc.asn.au>
parents:
227
diff
changeset
|
942 TRACE(("hash s2c is %s", s2c_comp_algo->name)) |
26 | 943 |
944 /* languages_client_to_server */ | |
945 buf_eatstring(ses.payload); | |
946 | |
947 /* languages_server_to_client */ | |
948 buf_eatstring(ses.payload); | |
949 | |
739
d44325108d0e
first_kex_packet_follows working, needs tidying
Matt Johnston <matt@ucc.asn.au>
parents:
712
diff
changeset
|
950 /* their first_kex_packet_follows */ |
179
161557a9dde8
* fix longstanding bug with connections being closed on failure to
Matt Johnston <matt@ucc.asn.au>
parents:
165
diff
changeset
|
951 if (buf_getbool(ses.payload)) { |
739
d44325108d0e
first_kex_packet_follows working, needs tidying
Matt Johnston <matt@ucc.asn.au>
parents:
712
diff
changeset
|
952 TRACE(("them kex firstfollows. allgood %d", allgood)) |
d44325108d0e
first_kex_packet_follows working, needs tidying
Matt Johnston <matt@ucc.asn.au>
parents:
712
diff
changeset
|
953 ses.kexstate.them_firstfollows = 1; |
26 | 954 /* if the guess wasn't good, we ignore the packet sent */ |
955 if (!allgood) { | |
956 ses.ignorenext = 1; | |
957 } | |
958 } | |
959 | |
36
a600c015562d
Handle differing c2s and s2c algorithms properly
Matt Johnston <matt@ucc.asn.au>
parents:
35
diff
changeset
|
960 /* Handle the asymmetry */ |
a600c015562d
Handle differing c2s and s2c algorithms properly
Matt Johnston <matt@ucc.asn.au>
parents:
35
diff
changeset
|
961 if (IS_DROPBEAR_CLIENT) { |
534
0431915df79f
- Get rid of decryptreadbuf, just decrypt in-place with readbuf
Matt Johnston <matt@ucc.asn.au>
parents:
502
diff
changeset
|
962 ses.newkeys->recv.algo_crypt = |
36
a600c015562d
Handle differing c2s and s2c algorithms properly
Matt Johnston <matt@ucc.asn.au>
parents:
35
diff
changeset
|
963 (struct dropbear_cipher*)s2c_cipher_algo->data; |
534
0431915df79f
- Get rid of decryptreadbuf, just decrypt in-place with readbuf
Matt Johnston <matt@ucc.asn.au>
parents:
502
diff
changeset
|
964 ses.newkeys->trans.algo_crypt = |
36
a600c015562d
Handle differing c2s and s2c algorithms properly
Matt Johnston <matt@ucc.asn.au>
parents:
35
diff
changeset
|
965 (struct dropbear_cipher*)c2s_cipher_algo->data; |
534
0431915df79f
- Get rid of decryptreadbuf, just decrypt in-place with readbuf
Matt Johnston <matt@ucc.asn.au>
parents:
502
diff
changeset
|
966 ses.newkeys->recv.crypt_mode = |
502 | 967 (struct dropbear_cipher_mode*)s2c_cipher_algo->mode; |
534
0431915df79f
- Get rid of decryptreadbuf, just decrypt in-place with readbuf
Matt Johnston <matt@ucc.asn.au>
parents:
502
diff
changeset
|
968 ses.newkeys->trans.crypt_mode = |
502 | 969 (struct dropbear_cipher_mode*)c2s_cipher_algo->mode; |
534
0431915df79f
- Get rid of decryptreadbuf, just decrypt in-place with readbuf
Matt Johnston <matt@ucc.asn.au>
parents:
502
diff
changeset
|
970 ses.newkeys->recv.algo_mac = |
1672
3a97f14c0235
Add Chacha20-Poly1305, AES128-GCM and AES256-GCM support (#93)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
1659
diff
changeset
|
971 #if DROPBEAR_AEAD_MODE |
3a97f14c0235
Add Chacha20-Poly1305, AES128-GCM and AES256-GCM support (#93)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
1659
diff
changeset
|
972 s2c_hash_algo == NULL ? ses.newkeys->recv.crypt_mode->aead_mac : |
3a97f14c0235
Add Chacha20-Poly1305, AES128-GCM and AES256-GCM support (#93)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
1659
diff
changeset
|
973 #endif |
36
a600c015562d
Handle differing c2s and s2c algorithms properly
Matt Johnston <matt@ucc.asn.au>
parents:
35
diff
changeset
|
974 (struct dropbear_hash*)s2c_hash_algo->data; |
534
0431915df79f
- Get rid of decryptreadbuf, just decrypt in-place with readbuf
Matt Johnston <matt@ucc.asn.au>
parents:
502
diff
changeset
|
975 ses.newkeys->trans.algo_mac = |
1672
3a97f14c0235
Add Chacha20-Poly1305, AES128-GCM and AES256-GCM support (#93)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
1659
diff
changeset
|
976 #if DROPBEAR_AEAD_MODE |
3a97f14c0235
Add Chacha20-Poly1305, AES128-GCM and AES256-GCM support (#93)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
1659
diff
changeset
|
977 c2s_hash_algo == NULL ? ses.newkeys->trans.crypt_mode->aead_mac : |
3a97f14c0235
Add Chacha20-Poly1305, AES128-GCM and AES256-GCM support (#93)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
1659
diff
changeset
|
978 #endif |
36
a600c015562d
Handle differing c2s and s2c algorithms properly
Matt Johnston <matt@ucc.asn.au>
parents:
35
diff
changeset
|
979 (struct dropbear_hash*)c2s_hash_algo->data; |
534
0431915df79f
- Get rid of decryptreadbuf, just decrypt in-place with readbuf
Matt Johnston <matt@ucc.asn.au>
parents:
502
diff
changeset
|
980 ses.newkeys->recv.algo_comp = s2c_comp_algo->val; |
0431915df79f
- Get rid of decryptreadbuf, just decrypt in-place with readbuf
Matt Johnston <matt@ucc.asn.au>
parents:
502
diff
changeset
|
981 ses.newkeys->trans.algo_comp = c2s_comp_algo->val; |
36
a600c015562d
Handle differing c2s and s2c algorithms properly
Matt Johnston <matt@ucc.asn.au>
parents:
35
diff
changeset
|
982 } else { |
a600c015562d
Handle differing c2s and s2c algorithms properly
Matt Johnston <matt@ucc.asn.au>
parents:
35
diff
changeset
|
983 /* SERVER */ |
534
0431915df79f
- Get rid of decryptreadbuf, just decrypt in-place with readbuf
Matt Johnston <matt@ucc.asn.au>
parents:
502
diff
changeset
|
984 ses.newkeys->recv.algo_crypt = |
36
a600c015562d
Handle differing c2s and s2c algorithms properly
Matt Johnston <matt@ucc.asn.au>
parents:
35
diff
changeset
|
985 (struct dropbear_cipher*)c2s_cipher_algo->data; |
534
0431915df79f
- Get rid of decryptreadbuf, just decrypt in-place with readbuf
Matt Johnston <matt@ucc.asn.au>
parents:
502
diff
changeset
|
986 ses.newkeys->trans.algo_crypt = |
36
a600c015562d
Handle differing c2s and s2c algorithms properly
Matt Johnston <matt@ucc.asn.au>
parents:
35
diff
changeset
|
987 (struct dropbear_cipher*)s2c_cipher_algo->data; |
534
0431915df79f
- Get rid of decryptreadbuf, just decrypt in-place with readbuf
Matt Johnston <matt@ucc.asn.au>
parents:
502
diff
changeset
|
988 ses.newkeys->recv.crypt_mode = |
502 | 989 (struct dropbear_cipher_mode*)c2s_cipher_algo->mode; |
534
0431915df79f
- Get rid of decryptreadbuf, just decrypt in-place with readbuf
Matt Johnston <matt@ucc.asn.au>
parents:
502
diff
changeset
|
990 ses.newkeys->trans.crypt_mode = |
502 | 991 (struct dropbear_cipher_mode*)s2c_cipher_algo->mode; |
534
0431915df79f
- Get rid of decryptreadbuf, just decrypt in-place with readbuf
Matt Johnston <matt@ucc.asn.au>
parents:
502
diff
changeset
|
992 ses.newkeys->recv.algo_mac = |
1672
3a97f14c0235
Add Chacha20-Poly1305, AES128-GCM and AES256-GCM support (#93)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
1659
diff
changeset
|
993 #if DROPBEAR_AEAD_MODE |
3a97f14c0235
Add Chacha20-Poly1305, AES128-GCM and AES256-GCM support (#93)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
1659
diff
changeset
|
994 c2s_hash_algo == NULL ? ses.newkeys->recv.crypt_mode->aead_mac : |
3a97f14c0235
Add Chacha20-Poly1305, AES128-GCM and AES256-GCM support (#93)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
1659
diff
changeset
|
995 #endif |
36
a600c015562d
Handle differing c2s and s2c algorithms properly
Matt Johnston <matt@ucc.asn.au>
parents:
35
diff
changeset
|
996 (struct dropbear_hash*)c2s_hash_algo->data; |
534
0431915df79f
- Get rid of decryptreadbuf, just decrypt in-place with readbuf
Matt Johnston <matt@ucc.asn.au>
parents:
502
diff
changeset
|
997 ses.newkeys->trans.algo_mac = |
1672
3a97f14c0235
Add Chacha20-Poly1305, AES128-GCM and AES256-GCM support (#93)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
1659
diff
changeset
|
998 #if DROPBEAR_AEAD_MODE |
3a97f14c0235
Add Chacha20-Poly1305, AES128-GCM and AES256-GCM support (#93)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
1659
diff
changeset
|
999 s2c_hash_algo == NULL ? ses.newkeys->trans.crypt_mode->aead_mac : |
3a97f14c0235
Add Chacha20-Poly1305, AES128-GCM and AES256-GCM support (#93)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
1659
diff
changeset
|
1000 #endif |
36
a600c015562d
Handle differing c2s and s2c algorithms properly
Matt Johnston <matt@ucc.asn.au>
parents:
35
diff
changeset
|
1001 (struct dropbear_hash*)s2c_hash_algo->data; |
534
0431915df79f
- Get rid of decryptreadbuf, just decrypt in-place with readbuf
Matt Johnston <matt@ucc.asn.au>
parents:
502
diff
changeset
|
1002 ses.newkeys->recv.algo_comp = c2s_comp_algo->val; |
0431915df79f
- Get rid of decryptreadbuf, just decrypt in-place with readbuf
Matt Johnston <matt@ucc.asn.au>
parents:
502
diff
changeset
|
1003 ses.newkeys->trans.algo_comp = s2c_comp_algo->val; |
36
a600c015562d
Handle differing c2s and s2c algorithms properly
Matt Johnston <matt@ucc.asn.au>
parents:
35
diff
changeset
|
1004 } |
a600c015562d
Handle differing c2s and s2c algorithms properly
Matt Johnston <matt@ucc.asn.au>
parents:
35
diff
changeset
|
1005 |
1558
2f64cb3d3007
- #if not #ifdef for DROPBEAR_FUZZ
Matt Johnston <matt@ucc.asn.au>
parents:
1511
diff
changeset
|
1006 #if DROPBEAR_FUZZ |
1357 | 1007 if (fuzz.fuzzing) { |
1008 fuzz_kex_fakealgos(); | |
1009 } | |
1347
b28624698130
copy over some fuzzing code from AFL branch
Matt Johnston <matt@ucc.asn.au>
parents:
1276
diff
changeset
|
1010 #endif |
b28624698130
copy over some fuzzing code from AFL branch
Matt Johnston <matt@ucc.asn.au>
parents:
1276
diff
changeset
|
1011 |
26 | 1012 /* reserved for future extensions */ |
1013 buf_getint(ses.payload); | |
739
d44325108d0e
first_kex_packet_follows working, needs tidying
Matt Johnston <matt@ucc.asn.au>
parents:
712
diff
changeset
|
1014 |
d44325108d0e
first_kex_packet_follows working, needs tidying
Matt Johnston <matt@ucc.asn.au>
parents:
712
diff
changeset
|
1015 if (ses.send_kex_first_guess && allgood) { |
d44325108d0e
first_kex_packet_follows working, needs tidying
Matt Johnston <matt@ucc.asn.au>
parents:
712
diff
changeset
|
1016 TRACE(("our_first_follows_matches 1")) |
d44325108d0e
first_kex_packet_follows working, needs tidying
Matt Johnston <matt@ucc.asn.au>
parents:
712
diff
changeset
|
1017 ses.kexstate.our_first_follows_matches = 1; |
d44325108d0e
first_kex_packet_follows working, needs tidying
Matt Johnston <matt@ucc.asn.au>
parents:
712
diff
changeset
|
1018 } |
26 | 1019 return; |
1020 | |
1021 error: | |
594
a98a2138364a
Improve capitalisation for all logged strings
Matt Johnston <matt@ucc.asn.au>
parents:
575
diff
changeset
|
1022 dropbear_exit("No matching algo %s", erralgo); |
26 | 1023 } |