Mercurial > dropbear
comparison cli-kex.c @ 801:7dcb46da72d9 ecc
merge in HEAD
| author | Matt Johnston <matt@ucc.asn.au> |
|---|---|
| date | Tue, 21 May 2013 12:09:35 +0800 |
| parents | 5503e05ab3a4 2f1c199b6e4b |
| children | f4bb964c8678 6c69e7df3621 |
comparison
equal
deleted
inserted
replaced
| 799:c344607b7341 | 801:7dcb46da72d9 |
|---|---|
| 41 | 41 |
| 42 static void checkhostkey(unsigned char* keyblob, unsigned int keybloblen); | 42 static void checkhostkey(unsigned char* keyblob, unsigned int keybloblen); |
| 43 #define MAX_KNOWNHOSTS_LINE 4500 | 43 #define MAX_KNOWNHOSTS_LINE 4500 |
| 44 | 44 |
| 45 void send_msg_kexdh_init() { | 45 void send_msg_kexdh_init() { |
| 46 TRACE(("send_msg_kexdh_init()")) | |
| 47 | |
| 46 CHECKCLEARTOWRITE(); | 48 CHECKCLEARTOWRITE(); |
| 47 buf_putbyte(ses.writepayload, SSH_MSG_KEXDH_INIT); | 49 buf_putbyte(ses.writepayload, SSH_MSG_KEXDH_INIT); |
| 48 if (IS_NORMAL_DH(ses.newkeys->algo_kex)) { | 50 if (IS_NORMAL_DH(ses.newkeys->algo_kex)) { |
| 49 cli_ses.dh_param = gen_kexdh_param(); | 51 if (ses.newkeys->algo_kex != cli_ses.param_kex_algo |
| 52 || !cli_ses.dh_param) { | |
| 53 if (cli_ses.dh_param) { | |
| 54 free_kexdh_param(cli_ses.dh_param); | |
| 55 } | |
| 56 cli_ses.dh_param = gen_kexdh_param(); | |
| 57 } | |
| 50 buf_putmpint(ses.writepayload, &cli_ses.dh_param->pub); | 58 buf_putmpint(ses.writepayload, &cli_ses.dh_param->pub); |
| 51 } else { | 59 } else { |
| 52 #ifdef DROPBEAR_ECDH | 60 #ifdef DROPBEAR_ECDH |
| 53 cli_ses.ecdh_param = gen_kexecdh_param(); | 61 if (ses.newkeys->algo_kex != cli_ses.param_kex_algo |
| 62 || !cli_ses.ecdh_param) { | |
| 63 if (cli_ses.ecdh_param) { | |
| 64 free_kexecdh_param(cli_ses.ecdh_param); | |
| 65 } | |
| 66 cli_ses.ecdh_param = gen_kexecdh_param(); | |
| 67 } | |
| 54 buf_put_ecc_raw_pubkey_string(ses.writepayload, &cli_ses.ecdh_param->key); | 68 buf_put_ecc_raw_pubkey_string(ses.writepayload, &cli_ses.ecdh_param->key); |
| 55 #endif | 69 #endif |
| 56 } | 70 } |
| 71 cli_ses.param_kex_algo = ses.newkeys->algo_kex; | |
| 57 encrypt_packet(); | 72 encrypt_packet(); |
| 58 ses.requirenext = SSH_MSG_KEXDH_REPLY; | 73 ses.requirenext[0] = SSH_MSG_KEXDH_REPLY; |
| 74 ses.requirenext[1] = SSH_MSG_KEXINIT; | |
| 59 } | 75 } |
| 60 | 76 |
| 61 /* Handle a diffie-hellman key exchange reply. */ | 77 /* Handle a diffie-hellman key exchange reply. */ |
| 62 void recv_msg_kexdh_reply() { | 78 void recv_msg_kexdh_reply() { |
| 63 | 79 |
| 103 buffer *ecdh_qs = buf_getstringbuf(ses.payload); | 119 buffer *ecdh_qs = buf_getstringbuf(ses.payload); |
| 104 kexecdh_comb_key(cli_ses.ecdh_param, ecdh_qs, hostkey); | 120 kexecdh_comb_key(cli_ses.ecdh_param, ecdh_qs, hostkey); |
| 105 buf_free(ecdh_qs); | 121 buf_free(ecdh_qs); |
| 106 #endif | 122 #endif |
| 107 } | 123 } |
| 108 free_kexdh_param(cli_ses.dh_param); | 124 |
| 109 cli_ses.dh_param = NULL; | 125 if (cli_ses.dh_param) { |
| 110 | 126 free_kexdh_param(cli_ses.dh_param); |
| 111 if (buf_verify(ses.payload, hostkey, ses.hash) | 127 cli_ses.dh_param = NULL; |
| 112 != DROPBEAR_SUCCESS) { | 128 } |
| 129 #ifdef DROPBEAR_ECDH | |
| 130 if (cli_ses.ecdh_param) { | |
| 131 free_kexecdh_param(cli_ses.ecdh_param); | |
| 132 cli_ses.ecdh_param = NULL; | |
| 133 } | |
| 134 #endif | |
| 135 | |
| 136 cli_ses.param_kex_algo = NULL; | |
| 137 if (buf_verify(ses.payload, hostkey, ses.hash) != DROPBEAR_SUCCESS) { | |
| 113 dropbear_exit("Bad hostkey signature"); | 138 dropbear_exit("Bad hostkey signature"); |
| 114 } | 139 } |
| 115 | 140 |
| 116 sign_key_free(hostkey); | 141 sign_key_free(hostkey); |
| 117 hostkey = NULL; | 142 hostkey = NULL; |
| 118 | 143 |
| 119 send_msg_newkeys(); | 144 send_msg_newkeys(); |
| 120 ses.requirenext = SSH_MSG_NEWKEYS; | 145 ses.requirenext[0] = SSH_MSG_NEWKEYS; |
| 146 ses.requirenext[1] = 0; | |
| 121 TRACE(("leave recv_msg_kexdh_init")) | 147 TRACE(("leave recv_msg_kexdh_init")) |
| 122 } | 148 } |
| 123 | 149 |
| 124 static void ask_to_confirm(unsigned char* keyblob, unsigned int keybloblen) { | 150 static void ask_to_confirm(unsigned char* keyblob, unsigned int keybloblen) { |
| 125 | 151 |
| 224 const char *algoname = NULL; | 250 const char *algoname = NULL; |
| 225 char * fingerprint = NULL; | 251 char * fingerprint = NULL; |
| 226 buffer * line = NULL; | 252 buffer * line = NULL; |
| 227 int ret; | 253 int ret; |
| 228 | 254 |
| 255 if (cli_opts.no_hostkey_check) { | |
| 256 fprintf(stderr, "Caution, skipping hostkey check for %s\n", cli_opts.remotehost); | |
| 257 return; | |
| 258 } | |
| 259 | |
| 229 hostsfile = open_known_hosts_file(&readonly); | 260 hostsfile = open_known_hosts_file(&readonly); |
| 230 if (!hostsfile) { | 261 if (!hostsfile) { |
| 231 ask_to_confirm(keyblob, keybloblen); | 262 ask_to_confirm(keyblob, keybloblen); |
| 232 /* ask_to_confirm will exit upon failure */ | 263 /* ask_to_confirm will exit upon failure */ |
| 233 return; | 264 return; |
| 253 } | 284 } |
| 254 | 285 |
| 255 /* Compare hostnames */ | 286 /* Compare hostnames */ |
| 256 if (strncmp(cli_opts.remotehost, buf_getptr(line, hostlen), | 287 if (strncmp(cli_opts.remotehost, buf_getptr(line, hostlen), |
| 257 hostlen) != 0) { | 288 hostlen) != 0) { |
| 258 TRACE(("hosts don't match")) | |
| 259 continue; | 289 continue; |
| 260 } | 290 } |
| 261 | 291 |
| 262 buf_incrpos(line, hostlen); | 292 buf_incrpos(line, hostlen); |
| 263 if (buf_getbyte(line) != ' ') { | 293 if (buf_getbyte(line) != ' ') { |