dropbear: common-kex.c comparison

comparison common-kex.c @ 641:2b1bb792cd4d dropbear-tfm

- Update tfm changes to current default tip

author	Matt Johnston <matt@ucc.asn.au>
date	Mon, 21 Nov 2011 19:52:28 +0800
parents	76097ec1a29a 3aa74a4d83ae
children	33fd2f3499d2

comparison

equal deleted inserted replaced

-:76097ec1a29a
+:2b1bb792cd4d
 #include "kex.h"
 #include "ssh.h"
 #include "packet.h"
 #include "bignum.h"
 #include "random.h"
+#include "runopts.h"
 /* diffie-hellman-group1-sha1 value for p */
-static const unsigned char dh_p_val[] = {
+#define DH_P_1_LEN 128
+static const unsigned char dh_p_1[DH_P_1_LEN] = {
 	0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xC9, 0x0F, 0xDA, 0xA2,
 0x21, 0x68, 0xC2, 0x34, 0xC4, 0xC6, 0x62, 0x8B, 0x80, 0xDC, 0x1C, 0xD1,
 	0x29, 0x02, 0x4E, 0x08, 0x8A, 0x67, 0xCC, 0x74, 0x02, 0x0B, 0xBE, 0xA6,
 	0x3B, 0x13, 0x9B, 0x22, 0x51, 0x4A, 0x08, 0x79, 0x8E, 0x34, 0x04, 0xDD,
 	0xEF, 0x95, 0x19, 0xB3, 0xCD, 0x3A, 0x43, 0x1B, 0x30, 0x2B, 0x0A, 0x6D,
 	0xE4, 0x85, 0xB5, 0x76, 0x62, 0x5E, 0x7E, 0xC6, 0xF4, 0x4C, 0x42, 0xE9,
 	0xA6, 0x37, 0xED, 0x6B, 0x0B, 0xFF, 0x5C, 0xB6, 0xF4, 0x06, 0xB7, 0xED,
 	0xEE, 0x38, 0x6B, 0xFB, 0x5A, 0x89, 0x9F, 0xA5, 0xAE, 0x9F, 0x24, 0x11,
 	0x7C, 0x4B, 0x1F, 0xE6, 0x49, 0x28, 0x66, 0x51, 0xEC, 0xE6, 0x53, 0x81,
 	0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF};
-#define DH_P_LEN sizeof(dh_p_val)
+/* diffie-hellman-group14-sha1 value for p */
+#define DH_P_14_LEN 256
+static const unsigned char dh_p_14[DH_P_14_LEN] = {
+	0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xC9, 0x0F, 0xDA, 0xA2,
+0x21, 0x68, 0xC2, 0x34, 0xC4, 0xC6, 0x62, 0x8B, 0x80, 0xDC, 0x1C, 0xD1,
+	0x29, 0x02, 0x4E, 0x08, 0x8A, 0x67, 0xCC, 0x74, 0x02, 0x0B, 0xBE, 0xA6,
+	0x3B, 0x13, 0x9B, 0x22, 0x51, 0x4A, 0x08, 0x79, 0x8E, 0x34, 0x04, 0xDD,
+	0xEF, 0x95, 0x19, 0xB3, 0xCD, 0x3A, 0x43, 0x1B, 0x30, 0x2B, 0x0A, 0x6D,
+	0xF2, 0x5F, 0x14, 0x37, 0x4F, 0xE1, 0x35, 0x6D, 0x6D, 0x51, 0xC2, 0x45,
+	0xE4, 0x85, 0xB5, 0x76, 0x62, 0x5E, 0x7E, 0xC6, 0xF4, 0x4C, 0x42, 0xE9,
+	0xA6, 0x37, 0xED, 0x6B, 0x0B, 0xFF, 0x5C, 0xB6, 0xF4, 0x06, 0xB7, 0xED,
+	0xEE, 0x38, 0x6B, 0xFB, 0x5A, 0x89, 0x9F, 0xA5, 0xAE, 0x9F, 0x24, 0x11,
+	0x7C, 0x4B, 0x1F, 0xE6, 0x49, 0x28, 0x66, 0x51, 0xEC, 0xE4, 0x5B, 0x3D,
+	0xC2, 0x00, 0x7C, 0xB8, 0xA1, 0x63, 0xBF, 0x05, 0x98, 0xDA, 0x48, 0x36,
+	0x1C, 0x55, 0xD3, 0x9A, 0x69, 0x16, 0x3F, 0xA8, 0xFD, 0x24, 0xCF, 0x5F,
+	0x83, 0x65, 0x5D, 0x23, 0xDC, 0xA3, 0xAD, 0x96, 0x1C, 0x62, 0xF3, 0x56,
+	0x20, 0x85, 0x52, 0xBB, 0x9E, 0xD5, 0x29, 0x07, 0x70, 0x96, 0x96, 0x6D,
+	0x67, 0x0C, 0x35, 0x4E, 0x4A, 0xBC, 0x98, 0x04, 0xF1, 0x74, 0x6C, 0x08,
+	0xCA, 0x18, 0x21, 0x7C, 0x32, 0x90, 0x5E, 0x46, 0x2E, 0x36, 0xCE, 0x3B,
+	0xE3, 0x9E, 0x77, 0x2C, 0x18, 0x0E, 0x86, 0x03, 0x9B, 0x27, 0x83, 0xA2,
+	0xEC, 0x07, 0xA2, 0x8F, 0xB5, 0xC5, 0x5D, 0xF0, 0x6F, 0x4C, 0x52, 0xC9,
+	0xDE, 0x2B, 0xCB, 0xF6, 0x95, 0x58, 0x17, 0x18, 0x39, 0x95, 0x49, 0x7C,
+	0xEA, 0x95, 0x6A, 0xE5, 0x15, 0xD2, 0x26, 0x18, 0x98, 0xFA, 0x05, 0x10,
+	0x15, 0x72, 0x8E, 0x5A, 0x8A, 0xAC, 0xAA, 0x68, 0xFF, 0xFF, 0xFF, 0xFF,
+	0xFF, 0xFF, 0xFF, 0xFF};
+/* Same for group1 and group14 */
 static const int DH_G_VAL = 2;
 static void kexinitialise();
 void gen_new_keys();
 #ifndef DISABLE_ZLIB
 	/* mac_algorithms_server_to_client */
 	buf_put_algolist(ses.writepayload, sshhashes);
 	/* compression_algorithms_client_to_server */
-	buf_put_algolist(ses.writepayload, sshcompress);
+	buf_put_algolist(ses.writepayload, ses.compress_algos);
 	/* compression_algorithms_server_to_client */
-	buf_put_algolist(ses.writepayload, sshcompress);
+	buf_put_algolist(ses.writepayload, ses.compress_algos);
 	/* languages_client_to_server */
 	buf_putstring(ses.writepayload, "", 0);
 	/* languages_server_to_client */
 }
 /* Set up the kex for the first time */
 void kexfirstinitialise() {
 	ses.kexstate.donefirstkex = 0;
+#ifndef DISABLE_ZLIB
+	if (opts.enable_compress) {
+		ses.compress_algos = ssh_compress;
+	} else
+#endif
+	{
+		ses.compress_algos = ssh_nocompress;
+	}
 	kexinitialise();
 }
 /* Reset the kex state, ready for a new negotiation */
 static void kexinitialise() {
 		memcpy(&out[SHA1_HASH_SIZE], k2, outlen - SHA1_HASH_SIZE);
 	}
 }
 /* Generate the actual encryption/integrity keys, using the results of the
-* key exchange, as specified in section 5.2 of the IETF secsh-transport
+* key exchange, as specified in section 7.2 of the transport rfc 4253.
-* draft. This occurs after the DH key-exchange.
+* This occurs after the DH key-exchange.
 *
 * ses.newkeys is the new set of keys which are generated, these are only
 * taken into use after both sides have sent a newkeys message */
 /* Originally from kex.c, generalized for cli/svr mode --mihnea */
 	if (IS_DROPBEAR_CLIENT) {
 	    trans_IV	= C2S_IV;
 	    recv_IV		= S2C_IV;
 	    trans_key	= C2S_key;
 	    recv_key	= S2C_key;
-	    C2S_keysize = ses.newkeys->trans_algo_crypt->keysize;
+	    C2S_keysize = ses.newkeys->trans.algo_crypt->keysize;
-	    S2C_keysize = ses.newkeys->recv_algo_crypt->keysize;
+	    S2C_keysize = ses.newkeys->recv.algo_crypt->keysize;
 		mactransletter = 'E';
 		macrecvletter = 'F';
 	} else {
 	    trans_IV	= S2C_IV;
 	    recv_IV		= C2S_IV;
 	    trans_key	= S2C_key;
 	    recv_key	= C2S_key;
-	    C2S_keysize = ses.newkeys->recv_algo_crypt->keysize;
+	    C2S_keysize = ses.newkeys->recv.algo_crypt->keysize;
-	    S2C_keysize = ses.newkeys->trans_algo_crypt->keysize;
+	    S2C_keysize = ses.newkeys->trans.algo_crypt->keysize;
 		mactransletter = 'F';
 		macrecvletter = 'E';
 	}
 	hashkeys(C2S_IV, SHA1_HASH_SIZE, &hs, 'A');
 	hashkeys(S2C_IV, SHA1_HASH_SIZE, &hs, 'B');
 	hashkeys(C2S_key, C2S_keysize, &hs, 'C');
 	hashkeys(S2C_key, S2C_keysize, &hs, 'D');
-	recv_cipher = find_cipher(ses.newkeys->recv_algo_crypt->cipherdesc->name);
+	recv_cipher = find_cipher(ses.newkeys->recv.algo_crypt->cipherdesc->name);
 	if (recv_cipher < 0)
-	    dropbear_exit("crypto error");
+	    dropbear_exit("Crypto error");
-	if (ses.newkeys->recv_crypt_mode->start(recv_cipher,
+	if (ses.newkeys->recv.crypt_mode->start(recv_cipher,
 			recv_IV, recv_key,
-			ses.newkeys->recv_algo_crypt->keysize, 0,
+			ses.newkeys->recv.algo_crypt->keysize, 0,
-			&ses.newkeys->recv_cipher_state) != CRYPT_OK) {
+			&ses.newkeys->recv.cipher_state) != CRYPT_OK) {
-		dropbear_exit("crypto error");
+		dropbear_exit("Crypto error");
 	}
-	trans_cipher = find_cipher(ses.newkeys->trans_algo_crypt->cipherdesc->name);
+	trans_cipher = find_cipher(ses.newkeys->trans.algo_crypt->cipherdesc->name);
 	if (trans_cipher < 0)
-	    dropbear_exit("crypto error");
+	    dropbear_exit("Crypto error");
-	if (ses.newkeys->trans_crypt_mode->start(trans_cipher,
+	if (ses.newkeys->trans.crypt_mode->start(trans_cipher,
 			trans_IV, trans_key,
-			ses.newkeys->trans_algo_crypt->keysize, 0,
+			ses.newkeys->trans.algo_crypt->keysize, 0,
-			&ses.newkeys->trans_cipher_state) != CRYPT_OK) {
+			&ses.newkeys->trans.cipher_state) != CRYPT_OK) {
-		dropbear_exit("crypto error");
+		dropbear_exit("Crypto error");
 	}
 	/* MAC keys */
-	hashkeys(ses.newkeys->transmackey,
+	hashkeys(ses.newkeys->trans.mackey,
-			ses.newkeys->trans_algo_mac->keysize, &hs, mactransletter);
+			ses.newkeys->trans.algo_mac->keysize, &hs, mactransletter);
-	hashkeys(ses.newkeys->recvmackey,
+	hashkeys(ses.newkeys->recv.mackey,
-			ses.newkeys->recv_algo_mac->keysize, &hs, macrecvletter);
+			ses.newkeys->recv.algo_mac->keysize, &hs, macrecvletter);
+	ses.newkeys->trans.hash_index = find_hash(ses.newkeys->trans.algo_mac->hashdesc->name),
+	ses.newkeys->recv.hash_index = find_hash(ses.newkeys->recv.algo_mac->hashdesc->name),
 #ifndef DISABLE_ZLIB
 	gen_new_zstreams();
 #endif
 }
 #ifndef DISABLE_ZLIB
 int is_compress_trans() {
-	return ses.keys->trans_algo_comp == DROPBEAR_COMP_ZLIB
+	return ses.keys->trans.algo_comp == DROPBEAR_COMP_ZLIB
 		|| (ses.authstate.authdone
-			&& ses.keys->trans_algo_comp == DROPBEAR_COMP_ZLIB_DELAY);
+			&& ses.keys->trans.algo_comp == DROPBEAR_COMP_ZLIB_DELAY);
 }
 int is_compress_recv() {
-	return ses.keys->recv_algo_comp == DROPBEAR_COMP_ZLIB
+	return ses.keys->recv.algo_comp == DROPBEAR_COMP_ZLIB
 		|| (ses.authstate.authdone
-			&& ses.keys->recv_algo_comp == DROPBEAR_COMP_ZLIB_DELAY);
+			&& ses.keys->recv.algo_comp == DROPBEAR_COMP_ZLIB_DELAY);
 }
 /* Set up new zlib compression streams, close the old ones. Only
 * called from gen_new_keys() */
 static void gen_new_zstreams() {
 	/* create new zstreams */
-	if (ses.newkeys->recv_algo_comp == DROPBEAR_COMP_ZLIB
+	if (ses.newkeys->recv.algo_comp == DROPBEAR_COMP_ZLIB
-			|| ses.newkeys->recv_algo_comp == DROPBEAR_COMP_ZLIB_DELAY) {
+			|| ses.newkeys->recv.algo_comp == DROPBEAR_COMP_ZLIB_DELAY) {
-		ses.newkeys->recv_zstream = (z_streamp)m_malloc(sizeof(z_stream));
+		ses.newkeys->recv.zstream = (z_streamp)m_malloc(sizeof(z_stream));
-		ses.newkeys->recv_zstream->zalloc = Z_NULL;
+		ses.newkeys->recv.zstream->zalloc = Z_NULL;
-		ses.newkeys->recv_zstream->zfree = Z_NULL;
+		ses.newkeys->recv.zstream->zfree = Z_NULL;
-		if (inflateInit(ses.newkeys->recv_zstream) != Z_OK) {
+		if (inflateInit(ses.newkeys->recv.zstream) != Z_OK) {
 			dropbear_exit("zlib error");
 		}
 	} else {
-		ses.newkeys->recv_zstream = NULL;
+		ses.newkeys->recv.zstream = NULL;
 	}
-	if (ses.newkeys->trans_algo_comp == DROPBEAR_COMP_ZLIB
+	if (ses.newkeys->trans.algo_comp == DROPBEAR_COMP_ZLIB
-			|| ses.newkeys->trans_algo_comp == DROPBEAR_COMP_ZLIB_DELAY) {
+			|| ses.newkeys->trans.algo_comp == DROPBEAR_COMP_ZLIB_DELAY) {
-		ses.newkeys->trans_zstream = (z_streamp)m_malloc(sizeof(z_stream));
+		ses.newkeys->trans.zstream = (z_streamp)m_malloc(sizeof(z_stream));
-		ses.newkeys->trans_zstream->zalloc = Z_NULL;
+		ses.newkeys->trans.zstream->zalloc = Z_NULL;
-		ses.newkeys->trans_zstream->zfree = Z_NULL;
+		ses.newkeys->trans.zstream->zfree = Z_NULL;
-		if (deflateInit(ses.newkeys->trans_zstream, Z_DEFAULT_COMPRESSION)
+		if (deflateInit2(ses.newkeys->trans.zstream, Z_DEFAULT_COMPRESSION,
+					Z_DEFLATED, DROPBEAR_ZLIB_WINDOW_BITS,
+					DROPBEAR_ZLIB_MEM_LEVEL, Z_DEFAULT_STRATEGY)
 				!= Z_OK) {
 			dropbear_exit("zlib error");
 		}
 	} else {
-		ses.newkeys->trans_zstream = NULL;
+		ses.newkeys->trans.zstream = NULL;
 	}
 	/* clean up old keys */
-	if (ses.keys->recv_zstream != NULL) {
+	if (ses.keys->recv.zstream != NULL) {
-		if (inflateEnd(ses.keys->recv_zstream) == Z_STREAM_ERROR) {
+		if (inflateEnd(ses.keys->recv.zstream) == Z_STREAM_ERROR) {
 			/* Z_DATA_ERROR is ok, just means that stream isn't ended */
-			dropbear_exit("crypto error");
+			dropbear_exit("Crypto error");
 		}
-		m_free(ses.keys->recv_zstream);
+		m_free(ses.keys->recv.zstream);
 	}
-	if (ses.keys->trans_zstream != NULL) {
+	if (ses.keys->trans.zstream != NULL) {
-		if (deflateEnd(ses.keys->trans_zstream) == Z_STREAM_ERROR) {
+		if (deflateEnd(ses.keys->trans.zstream) == Z_STREAM_ERROR) {
 			/* Z_DATA_ERROR is ok, just means that stream isn't ended */
-			dropbear_exit("crypto error");
+			dropbear_exit("Crypto error");
 		}
-		m_free(ses.keys->trans_zstream);
+		m_free(ses.keys->trans.zstream);
 	}
 }
 #endif /* DISABLE_ZLIB */
 	ses.kexstate.recvkexinit = 1;
 	TRACE(("leave recv_msg_kexinit"))
 }
+static void load_dh_p(mp_int * dh_p)
+{
+	switch (ses.newkeys->algo_kex) {
+		case DROPBEAR_KEX_DH_GROUP1:
+			bytes_to_fp(dh_p, dh_p_1, DH_P_1_LEN);
+			break;
+		case DROPBEAR_KEX_DH_GROUP14:
+			bytes_to_fp(dh_p, dh_p_14, DH_P_14_LEN);
+			break;
+	}
+}
 /* Initialises and generate one side of the diffie-hellman key exchange values.
-* See the ietf-secsh-transport draft, section 6, for details */
+* See the transport rfc 4253 section 8 for details */
 /* dh_pub and dh_priv MUST be already initialised */
 void gen_kexdh_vals(fp_int *dh_pub, fp_int *dh_priv) {
 	DEF_FP_INT(dh_p);
 	DEF_FP_INT(dh_q);
 	TRACE(("enter send_msg_kexdh_reply"))
 	m_fp_init_multi(&dh_g, &dh_p, &dh_q, NULL);
 	/* read the prime and generator*/
-	bytes_to_fp(&dh_p, (unsigned char*)dh_p_val, DH_P_LEN);
+	load_dh_p(&dh_p);
 	fp_set(&dh_g, DH_G_VAL);
 	/* calculate q = (p-1)/2 */
 	/* dh_priv is just a temp var here */
 	fp_int *dh_e = NULL, *dh_f = NULL;
 	hash_state hs;
 	/* read the prime and generator*/
 	m_fp_init(&dh_p);
-	bytes_to_fp(&dh_p, dh_p_val, DH_P_LEN);
+	load_dh_p(&dh_p);
 	/* Check that dh_pub_them (dh_e or dh_f) is in the range [1, p-1] */
 	if (fp_cmp(dh_pub_them, &dh_p) != FP_LT
 			|| fp_cmp_d(dh_pub_them, 0) != FP_GT) {
 		dropbear_exit("Diffie-Hellman error");
 		goto error;
 	}
 	TRACE(("hash s2c is  %s", s2c_hash_algo->name))
 	/* compression_algorithms_client_to_server */
+<<<<<<< mine
 	c2s_cofp_algo = ses.buf_match_algo(ses.payload, sshcompress, &goodguess);
 	if (c2s_cofp_algo == NULL) {
+=======
+	c2s_comp_algo = ses.buf_match_algo(ses.payload, ses.compress_algos, &goodguess);
+	if (c2s_comp_algo == NULL) {
+>>>>>>> theirs
 		erralgo = "comp c->s";
 		goto error;
 	}
 	TRACE(("hash c2s is  %s", c2s_cofp_algo->name))
 	/* compression_algorithms_server_to_client */
+<<<<<<< mine
 	s2c_cofp_algo = ses.buf_match_algo(ses.payload, sshcompress, &goodguess);
 	if (s2c_cofp_algo == NULL) {
+=======
+	s2c_comp_algo = ses.buf_match_algo(ses.payload, ses.compress_algos, &goodguess);
+	if (s2c_comp_algo == NULL) {
+>>>>>>> theirs
 		erralgo = "comp s->c";
 		goto error;
 	}
 	TRACE(("hash s2c is  %s", s2c_cofp_algo->name))
 		}
 	}
 	/* Handle the asymmetry */
 	if (IS_DROPBEAR_CLIENT) {
-		ses.newkeys->recv_algo_crypt =
+		ses.newkeys->recv.algo_crypt =
 			(struct dropbear_cipher*)s2c_cipher_algo->data;
-		ses.newkeys->trans_algo_crypt =
+		ses.newkeys->trans.algo_crypt =
 			(struct dropbear_cipher*)c2s_cipher_algo->data;
-		ses.newkeys->recv_crypt_mode =
+		ses.newkeys->recv.crypt_mode =
 			(struct dropbear_cipher_mode*)s2c_cipher_algo->mode;
-		ses.newkeys->trans_crypt_mode =
+		ses.newkeys->trans.crypt_mode =
 			(struct dropbear_cipher_mode*)c2s_cipher_algo->mode;
-		ses.newkeys->recv_algo_mac =
+		ses.newkeys->recv.algo_mac =
 			(struct dropbear_hash*)s2c_hash_algo->data;
-		ses.newkeys->trans_algo_mac =
+		ses.newkeys->trans.algo_mac =
 			(struct dropbear_hash*)c2s_hash_algo->data;
+<<<<<<< mine
 		ses.newkeys->recv_algo_comp = s2c_cofp_algo->val;
 		ses.newkeys->trans_algo_comp = c2s_cofp_algo->val;
+=======
+		ses.newkeys->recv.algo_comp = s2c_comp_algo->val;
+		ses.newkeys->trans.algo_comp = c2s_comp_algo->val;
+>>>>>>> theirs
 	} else {
 		/* SERVER */
-		ses.newkeys->recv_algo_crypt =
+		ses.newkeys->recv.algo_crypt =
 			(struct dropbear_cipher*)c2s_cipher_algo->data;
-		ses.newkeys->trans_algo_crypt =
+		ses.newkeys->trans.algo_crypt =
 			(struct dropbear_cipher*)s2c_cipher_algo->data;
-		ses.newkeys->recv_crypt_mode =
+		ses.newkeys->recv.crypt_mode =
 			(struct dropbear_cipher_mode*)c2s_cipher_algo->mode;
-		ses.newkeys->trans_crypt_mode =
+		ses.newkeys->trans.crypt_mode =
 			(struct dropbear_cipher_mode*)s2c_cipher_algo->mode;
-		ses.newkeys->recv_algo_mac =
+		ses.newkeys->recv.algo_mac =
 			(struct dropbear_hash*)c2s_hash_algo->data;
-		ses.newkeys->trans_algo_mac =
+		ses.newkeys->trans.algo_mac =
 			(struct dropbear_hash*)s2c_hash_algo->data;
+<<<<<<< mine
 		ses.newkeys->recv_algo_comp = c2s_cofp_algo->val;
 		ses.newkeys->trans_algo_comp = s2c_cofp_algo->val;
+=======
+		ses.newkeys->recv.algo_comp = c2s_comp_algo->val;
+		ses.newkeys->trans.algo_comp = s2c_comp_algo->val;
+>>>>>>> theirs
 	}
 	/* reserved for future extensions */
 	buf_getint(ses.payload);
 	return;
 error:
-	dropbear_exit("no matching algo %s", erralgo);
+	dropbear_exit("No matching algo %s", erralgo);
 }

Mercurial > dropbear

comparison common-kex.c @ 641:2b1bb792cd4d dropbear-tfm