*/
#include "includes.h"
-RCSID("$OpenBSD: kex.c,v 1.51 2002/06/24 14:55:38 markus Exp $");
+RCSID("$OpenBSD: kex.c,v 1.55 2003/04/01 10:31:26 markus Exp $");
#include <openssl/crypto.h>
#define KEX_COOKIE_LEN 16
-/* Use privilege separation for sshd */
-int use_privsep;
-struct monitor *pmonitor;
-
-
/* prototype */
static void kex_kexinit_finish(Kex *);
static void kex_choose_conf(Kex *);
/* parse buffer and return algorithm proposal */
static char **
-kex_buf2prop(Buffer *raw)
+kex_buf2prop(Buffer *raw, int *first_kex_follows)
{
Buffer b;
int i;
}
/* first kex follows / reserved */
i = buffer_get_char(&b);
+ if (first_kex_follows != NULL)
+ *first_kex_follows = i;
debug2("kex_parse_kexinit: first_kex_follows %d ", i);
i = buffer_get_int(&b);
debug2("kex_parse_kexinit: reserved %d ", i);
/* packet_write_wait(); */
debug("SSH2_MSG_NEWKEYS sent");
- debug("waiting for SSH2_MSG_NEWKEYS");
+ debug("expecting SSH2_MSG_NEWKEYS");
packet_read_expect(SSH2_MSG_NEWKEYS);
packet_check_eom();
debug("SSH2_MSG_NEWKEYS received");
kex_choose_conf(kex);
- switch (kex->kex_type) {
- case DH_GRP1_SHA1:
- kexdh(kex);
- break;
- case DH_GEX_SHA1:
- kexgex(kex);
- break;
-#ifdef GSSAPI
- case GSS_GRP1_SHA1:
- kexgss(kex);
- break;
-#endif
- default:
+ if (kex->kex_type >= 0 && kex->kex_type < KEX_MAX &&
+ kex->kex[kex->kex_type] != NULL) {
+ (kex->kex[kex->kex_type])(kex);
+ } else {
fatal("Unsupported key exchange %d", kex->kex_type);
}
}
if (k->name == NULL)
fatal("No key exchange algorithm");
if (strcmp(k->name, KEX_DH1) == 0) {
- k->kex_type = DH_GRP1_SHA1;
+ k->kex_type = KEX_DH_GRP1_SHA1;
} else if (strcmp(k->name, KEX_DHGEX) == 0) {
- k->kex_type = DH_GEX_SHA1;
+ k->kex_type = KEX_DH_GEX_SHA1;
#ifdef GSSAPI
- } else if (strncmp(k->name, KEX_GSS_SHA1, sizeof(KEX_GSS_SHA1)-1) == 0) {
- k->kex_type = GSS_GRP1_SHA1;
+ } else if (strncmp(k->name, KEX_GSS_SHA1,
+ sizeof(KEX_GSS_SHA1)-1) == 0) {
+ k->kex_type = KEX_GSS_GRP1_SHA1;
#endif
} else
fatal("bad kex alg %s", k->name);
xfree(hostkeyalg);
}
+static int
+proposals_match(char *my[PROPOSAL_MAX], char *peer[PROPOSAL_MAX])
+{
+ static int check[] = {
+ PROPOSAL_KEX_ALGS, PROPOSAL_SERVER_HOST_KEY_ALGS, -1
+ };
+ int *idx;
+ char *p;
+
+ for (idx = &check[0]; *idx != -1; idx++) {
+ if ((p = strchr(my[*idx], ',')) != NULL)
+ *p = '\0';
+ if ((p = strchr(peer[*idx], ',')) != NULL)
+ *p = '\0';
+ if (strcmp(my[*idx], peer[*idx]) != 0) {
+ debug2("proposal mismatch: my %s peer %s",
+ my[*idx], peer[*idx]);
+ return (0);
+ }
+ }
+ debug2("proposals match");
+ return (1);
+}
+
static void
kex_choose_conf(Kex *kex)
{
int mode;
int ctos; /* direction: if true client-to-server */
int need;
+ int first_kex_follows, type;
- my = kex_buf2prop(&kex->my);
- peer = kex_buf2prop(&kex->peer);
+ my = kex_buf2prop(&kex->my, NULL);
+ peer = kex_buf2prop(&kex->peer, &first_kex_follows);
if (kex->server) {
cprop=peer;
/* XXX need runden? */
kex->we_need = need;
+ /* ignore the next message if the proposals do not match */
+ if (first_kex_follows && !proposals_match(my, peer) &&
+ !(datafellows & SSH_BUG_FIRSTKEX)) {
+ type = packet_read();
+ debug2("skipping next packet (type %u)", type);
+ }
+
kex_prop_free(my);
kex_prop_free(peer);
}
for (i = 0; i < NKEYS; i++)
keys[i] = derive_key(kex, 'A'+i, kex->we_need, hash, shared_secret);
- debug("kex_derive_keys");
+ debug2("kex_derive_keys");
for (mode = 0; mode < MODE_MAX; mode++) {
current_keys[mode] = kex->newkeys[mode];
kex->newkeys[mode] = NULL;
-/* $OpenBSD: kex.h,v 1.32 2002/09/09 14:54:14 markus Exp $ */
+/* $OpenBSD: kex.h,v 1.33 2003/02/16 17:09:57 markus Exp $ */
/*
* Copyright (c) 2000, 2001 Markus Friedl. All rights reserved.
};
enum kex_exchange {
- DH_GRP1_SHA1,
- DH_GEX_SHA1,
- GSS_GRP1_SHA1
+ KEX_DH_GRP1_SHA1,
+ KEX_DH_GEX_SHA1,
+ KEX_GSS_GRP1_SHA1,
+ KEX_MAX
};
#define KEX_INIT_SENT 0x0001
Key *(*load_host_key)(int);
int (*host_key_index)(Key *);
struct KexOptions options;
+ void (*kex[KEX_MAX])(Kex *);
};
Kex *kex_setup(char *[PROPOSAL_MAX]);
void kex_input_kexinit(int, u_int32_t, void *);
void kex_derive_keys(Kex *, u_char *, BIGNUM *);
-void kexdh(Kex *);
-void kexgex(Kex *);
+Newkeys *kex_get_newkeys(int);
+
+void kexdh_client(Kex *);
+void kexdh_server(Kex *);
+void kexgex_client(Kex *);
+void kexgex_server(Kex *);
+void kexgex_client(Kex *);
+void kexgex_server(Kex *);
#ifdef GSSAPI
-void kexgss(Kex *);
+void kexgss_client(Kex *);
+void kexgss_server(Kex *);
#endif
-Newkeys *kex_get_newkeys(int);
+u_char *
+kex_dh_hash(char *, char *, char *, int, char *, int, u_char *, int,
+ BIGNUM *, BIGNUM *, BIGNUM *);
+u_char *
+kexgex_hash(char *, char *, char *, int, char *, int, u_char *, int,
+ int, int, int, BIGNUM *, BIGNUM *, BIGNUM *, BIGNUM *, BIGNUM *);
+u_char *
+#ifdef GSSAPI
+kex_gssapi_hash(char *, char *, char *, int, char *, int, u_char *, int,
+ BIGNUM *, BIGNUM *, BIGNUM *);
+#endif
#if defined(DEBUG_KEX) || defined(DEBUG_KEXDH)
void dump_digest(char *, u_char *, int);