40 #include "ssh.h"
63 static int kex_choose_conf(struct ssh *, uint32_t seq);
64 static int kex_input_newkeys(int, u_int32_t, struct ssh *);
86 kex_proposal_populate_entries(struct ssh *ssh, char *prop[PROPOSAL_MAX],
92 const char **defprop = ssh->kex->server ? defpropserver : defpropclient;
102 if ((cp = kex_names_cat(kexalgos, ssh->kex->server ?
110 prop[i] = compat_kex_proposal(ssh, cp);
231 kex_protocol_error(int type, u_int32_t seq, struct ssh *ssh)
236 if ((ssh->kex->flags & KEX_INITIAL) && ssh->kex->kex_strict) {
237 ssh_packet_disconnect(ssh, "strict KEX violation: "
241 if ((r = sshpkt_start(ssh, SSH2_MSG_UNIMPLEMENTED)) != 0 ||
242 (r = sshpkt_put_u32(ssh, seq)) != 0 ||
243 (r = sshpkt_send(ssh)) != 0)
249 kex_reset_dispatch(struct ssh *ssh)
251 ssh_dispatch_range(ssh, SSH2_MSG_TRANSPORT_MIN,
256 kex_set_server_sig_algs(struct ssh *ssh, const char *allowed_algs)
271 free(ssh->kex->server_sig_algs);
272 ssh->kex->server_sig_algs = NULL;
280 if (ssh->kex->server_sig_algs != NULL &&
281 kex_has_any_alg(sigalg, ssh->kex->server_sig_algs))
283 xextendf(&ssh->kex->server_sig_algs, ",", "%s", sigalg);
287 if (ssh->kex->server_sig_algs == NULL)
288 ssh->kex->server_sig_algs = xstrdup("");
292 kex_compose_ext_info_server(struct ssh *ssh, struct sshbuf *m)
296 if (ssh->kex->server_sig_algs == NULL &&
297 (ssh->kex->server_sig_algs = sshkey_alg_list(0, 1, 1, ',')) == NULL)
301 (r = sshbuf_put_cstring(m, ssh->kex->server_sig_algs)) != 0 ||
314 kex_compose_ext_info_client(struct ssh *ssh, struct sshbuf *m)
331 kex_maybe_send_ext_info(struct ssh *ssh)
336 if ((ssh->kex->flags & KEX_INITIAL) == 0)
338 if (!ssh->kex->ext_info_c && !ssh->kex->ext_info_s)
344 if (ssh->kex->ext_info_c &&
345 (r = kex_compose_ext_info_server(ssh, m)) != 0)
347 if (ssh->kex->ext_info_s &&
348 (r = kex_compose_ext_info_client(ssh, m)) != 0)
353 if ((r = sshpkt_start(ssh, SSH2_MSG_EXT_INFO)) != 0 ||
354 (r = sshpkt_putb(ssh, m)) != 0 ||
355 (r = sshpkt_send(ssh)) != 0) {
368 kex_server_update_ext_info(struct ssh *ssh)
372 if ((ssh->kex->flags & KEX_HAS_EXT_INFO_IN_AUTH) == 0)
376 if ((r = sshpkt_start(ssh, SSH2_MSG_EXT_INFO)) != 0 ||
377 (r = sshpkt_put_u32(ssh, 1)) != 0 ||
378 (r = sshpkt_put_cstring(ssh, "server-sig-algs")) != 0 ||
379 (r = sshpkt_put_cstring(ssh, ssh->kex->server_sig_algs)) != 0 ||
380 (r = sshpkt_send(ssh)) != 0) {
388 kex_send_newkeys(struct ssh *ssh)
392 kex_reset_dispatch(ssh);
393 if ((r = sshpkt_start(ssh, SSH2_MSG_NEWKEYS)) != 0 ||
394 (r = sshpkt_send(ssh)) != 0)
397 ssh_dispatch_set(ssh, SSH2_MSG_NEWKEYS, &kex_input_newkeys);
398 if ((r = kex_maybe_send_ext_info(ssh)) != 0)
422 kex_ext_info_client_parse(struct ssh *ssh, const char *name,
435 free(ssh->kex->server_sig_algs);
436 ssh->kex->server_sig_algs = xstrdup((const char *)value);
437 } else if (ssh->kex->ext_info_received == 1 &&
439 if ((r = kex_ext_info_check_ver(ssh->kex, name, value, vlen,
443 } else if (ssh->kex->ext_info_received == 1 &&
445 if ((r = kex_ext_info_check_ver(ssh->kex, name, value, vlen,
456 kex_ext_info_server_parse(struct ssh *ssh, const char *name,
462 if ((r = kex_ext_info_check_ver(ssh->kex, name, value, vlen,
472 kex_input_ext_info(int type, u_int32_t seq, struct ssh *ssh)
474 struct kex *kex = ssh->kex;
485 return dispatch_protocol_error(type, seq, ssh);
487 ssh_dispatch_set(ssh, SSH2_MSG_EXT_INFO, &kex_protocol_error);
488 if ((r = sshpkt_get_u32(ssh, &ninfo)) != 0)
493 return dispatch_protocol_error(type, seq, ssh);
496 if ((r = sshpkt_get_cstring(ssh, &name, NULL)) != 0)
498 if ((r = sshpkt_get_string(ssh, &val, &vlen)) != 0) {
504 if ((r = kex_ext_info_server_parse(ssh, name,
508 if ((r = kex_ext_info_client_parse(ssh, name,
515 return sshpkt_get_end(ssh);
519 kex_input_newkeys(int type, u_int32_t seq, struct ssh *ssh)
521 struct kex *kex = ssh->kex;
527 ssh_dispatch_set(ssh, SSH2_MSG_EXT_INFO, &kex_input_ext_info);
528 ssh_dispatch_set(ssh, SSH2_MSG_NEWKEYS, &kex_protocol_error);
529 ssh_dispatch_set(ssh, SSH2_MSG_KEXINIT, &kex_input_kexinit);
530 if ((r = sshpkt_get_end(ssh)) != 0)
532 if ((r = ssh_set_newkeys(ssh, MODE_IN)) != 0)
547 if ((r = kex_prop2buf(ssh->kex->my, prop)) != 0) {
567 kex_send_kexinit(struct ssh *ssh)
570 struct kex *kex = ssh->kex;
593 if ((r = sshpkt_start(ssh, SSH2_MSG_KEXINIT)) != 0 ||
594 (r = sshpkt_putb(ssh, kex->my)) != 0 ||
595 (r = sshpkt_send(ssh)) != 0) {
605 kex_input_kexinit(int type, u_int32_t seq, struct ssh *ssh)
607 struct kex *kex = ssh->kex;
618 ssh_dispatch_set(ssh, SSH2_MSG_KEXINIT, &kex_protocol_error);
619 ptr = sshpkt_ptr(ssh, &dlen);
625 if ((r = sshpkt_get_u8(ssh, NULL)) != 0) {
631 if ((r = sshpkt_get_string(ssh, NULL, NULL)) != 0) {
646 if ((r = sshpkt_get_u8(ssh, NULL)) != 0 || /* first_kex_follows */
647 (r = sshpkt_get_u32(ssh, NULL)) != 0 || /* reserved */
648 (r = sshpkt_get_end(ssh)) != 0)
652 if ((r = kex_send_kexinit(ssh)) != 0)
654 if ((r = kex_choose_conf(ssh, seq)) != 0)
658 return (kex->kex[kex->kex_type])(ssh);
742 kex_ready(struct ssh *ssh, char *proposal[PROPOSAL_MAX])
746 if ((r = kex_prop2buf(ssh->kex->my, proposal)) != 0)
748 ssh->kex->flags = KEX_INITIAL;
749 kex_reset_dispatch(ssh);
750 ssh_dispatch_set(ssh, SSH2_MSG_KEXINIT, &kex_input_kexinit);
755 kex_setup(struct ssh *ssh, char *proposal[PROPOSAL_MAX])
759 if ((r = kex_ready(ssh, proposal)) != 0)
761 if ((r = kex_send_kexinit(ssh)) != 0) { /* we start */
762 kex_free(ssh->kex);
763 ssh->kex = NULL;
774 kex_start_rekex(struct ssh *ssh)
776 if (ssh->kex == NULL) {
780 if (ssh->kex->done == 0) {
784 ssh->kex->done = 0;
785 return kex_send_kexinit(ssh);
811 choose_mac(struct ssh *ssh, struct sshmac *mac, char *client, char *server)
919 kex_choose_conf(struct ssh *ssh, uint32_t seq)
921 struct kex *kex = ssh->kex;
958 ssh_packet_disconnect(ssh,
1007 (r = choose_mac(ssh, &newkeys->mac, cprop[nmac],
1043 ssh->dispatch_skip_packets = 1;
1052 derive_key(struct ssh *ssh, int id, u_int need, u_char *hash, u_int hashlen,
1055 struct kex *kex = ssh->kex;
1117 kex_derive_keys(struct ssh *ssh, u_char *hash, u_int hashlen,
1120 struct kex *kex = ssh->kex;
1138 if ((r = derive_key(ssh, 'A'+i, kex->we_need, hash, hashlen,
1156 kex_load_hostkey(struct ssh *ssh, struct sshkey **prvp, struct sshkey **pubp)
1158 struct kex *kex = ssh->kex;
1168 kex->hostkey_nid, ssh);
1170 kex->hostkey_nid, ssh);
1177 kex_verify_host_key(struct ssh *ssh, struct sshkey *server_host_key)
1179 struct kex *kex = ssh->kex;
1189 if (kex->verify_host_key(server_host_key, ssh) == -1)
1208 send_error(struct ssh *ssh, char *msg)
1212 if (!ssh->kex->server)
1215 if (atomicio(vwrite, ssh_packet_get_connection_out(ssh),
1217 atomicio(vwrite, ssh_packet_get_connection_out(ssh),
1228 kex_exchange_identification(struct ssh *ssh, int timeout_ms,
1235 struct sshbuf *our_version = ssh->kex->server ?
1236 ssh->kex->server_version : ssh->kex->client_version;
1237 struct sshbuf *peer_version = ssh->kex->server ?
1238 ssh->kex->client_version : ssh->kex->server_version;
1255 if (atomicio(vwrite, ssh_packet_get_connection_out(ssh),
1279 send_error(ssh, "No SSH identification string "
1290 r = waitrfd(ssh_packet_get_connection_in(ssh),
1293 send_error(ssh, "Timed out waiting "
1307 len = atomicio(read, ssh_packet_get_connection_in(ssh),
1351 if (ssh->kex->server) {
1379 send_error(ssh, "Invalid SSH identification string.");
1385 compat_banner(ssh, remote_version);
1402 send_error(ssh, "Protocol major versions differ.");
1407 if (ssh->kex->server && (ssh->compat & SSH_BUG_PROBE) != 0) {
1409 ssh_remote_ipaddr(ssh), ssh_remote_port(ssh),
1414 if (ssh->kex->server && (ssh->compat & SSH_BUG_SCANNER) != 0) {
1416 ssh_remote_ipaddr(ssh), ssh_remote_port(ssh),