2005-07-05 05:21:44 +04:00
|
|
|
/*
|
2009-03-30 00:19:18 +04:00
|
|
|
* wrapper.c - wrapper for crytpo functions
|
|
|
|
|
*
|
|
|
|
|
* This file is part of the SSH Library
|
|
|
|
|
*
|
2014-01-07 18:18:15 +04:00
|
|
|
* Copyright (c) 2003-2013 by Aris Adamantiadis
|
2009-03-30 00:19:18 +04:00
|
|
|
*
|
|
|
|
|
* The SSH Library is free software; you can redistribute it and/or modify
|
|
|
|
|
* it under the terms of the GNU Lesser General Public License as published by
|
|
|
|
|
* the Free Software Foundation; either version 2.1 of the License, or (at your
|
|
|
|
|
* option) any later version.
|
|
|
|
|
*
|
|
|
|
|
* The SSH Library is distributed in the hope that it will be useful, but
|
|
|
|
|
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
|
|
|
|
|
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public
|
|
|
|
|
* License for more details.
|
|
|
|
|
*
|
|
|
|
|
* You should have received a copy of the GNU Lesser General Public License
|
|
|
|
|
* along with the SSH Library; see the file COPYING. If not, write to
|
|
|
|
|
* the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
|
|
|
|
|
* MA 02111-1307, USA.
|
|
|
|
|
*/
|
2005-07-05 05:21:44 +04:00
|
|
|
|
2009-03-30 00:19:18 +04:00
|
|
|
/*
|
|
|
|
|
* Why a wrapper?
|
|
|
|
|
*
|
|
|
|
|
* Let's say you want to port libssh from libcrypto of openssl to libfoo
|
|
|
|
|
* you are going to spend hours to remove every references to SHA1_Update()
|
|
|
|
|
* to libfoo_sha1_update after the work is finished, you're going to have
|
|
|
|
|
* only this file to modify it's not needed to say that your modifications
|
|
|
|
|
* are welcome.
|
|
|
|
|
*/
|
2005-07-05 05:21:44 +04:00
|
|
|
|
2009-09-26 02:29:53 +04:00
|
|
|
#include "config.h"
|
2010-05-14 03:22:22 +04:00
|
|
|
|
|
|
|
|
|
2005-10-05 02:11:19 +04:00
|
|
|
#include <stdlib.h>
|
|
|
|
|
#include <stdio.h>
|
2005-07-05 05:21:44 +04:00
|
|
|
#include <string.h>
|
2009-04-02 01:24:16 +04:00
|
|
|
|
2011-09-24 00:54:33 +04:00
|
|
|
#ifdef WITH_ZLIB
|
2011-05-19 01:18:39 +04:00
|
|
|
#include <zlib.h>
|
|
|
|
|
#endif
|
|
|
|
|
|
2009-04-17 18:13:38 +04:00
|
|
|
#include "libssh/priv.h"
|
2009-09-24 01:51:04 +04:00
|
|
|
#include "libssh/session.h"
|
2009-09-26 02:29:53 +04:00
|
|
|
#include "libssh/crypto.h"
|
|
|
|
|
#include "libssh/wrapper.h"
|
2011-08-22 17:22:58 +04:00
|
|
|
#include "libssh/pki.h"
|
2018-02-28 19:24:53 +03:00
|
|
|
#include "libssh/poly1305.h"
|
2015-12-23 14:50:00 +03:00
|
|
|
#include "libssh/dh.h"
|
2019-02-02 18:49:05 +03:00
|
|
|
#ifdef WITH_GEX
|
2018-11-07 18:15:50 +03:00
|
|
|
#include "libssh/dh-gex.h"
|
2019-02-02 18:49:05 +03:00
|
|
|
#endif /* WITH_GEX */
|
2015-12-23 14:50:00 +03:00
|
|
|
#include "libssh/ecdh.h"
|
|
|
|
|
#include "libssh/curve25519.h"
|
2009-04-17 18:38:51 +04:00
|
|
|
|
2014-04-20 14:07:40 +04:00
|
|
|
static struct ssh_hmac_struct ssh_hmac_tab[] = {
|
2019-02-12 11:56:37 +03:00
|
|
|
{ "hmac-sha1", SSH_HMAC_SHA1, false },
|
|
|
|
|
{ "hmac-sha2-256", SSH_HMAC_SHA256, false },
|
|
|
|
|
{ "hmac-sha2-512", SSH_HMAC_SHA512, false },
|
|
|
|
|
{ "hmac-md5", SSH_HMAC_MD5, false },
|
|
|
|
|
{ "aead-poly1305", SSH_HMAC_AEAD_POLY1305, false },
|
|
|
|
|
{ "aead-gcm", SSH_HMAC_AEAD_GCM, false },
|
|
|
|
|
{ "hmac-sha1-etm@openssh.com", SSH_HMAC_SHA1, true },
|
|
|
|
|
{ "hmac-sha2-256-etm@openssh.com", SSH_HMAC_SHA256, true },
|
|
|
|
|
{ "hmac-sha2-512-etm@openssh.com", SSH_HMAC_SHA512, true },
|
|
|
|
|
{ "hmac-md5-etm@openssh.com", SSH_HMAC_MD5, true },
|
2020-04-28 12:04:59 +03:00
|
|
|
#ifdef WITH_INSECURE_NONE
|
|
|
|
|
{ "none", SSH_HMAC_NONE, false },
|
|
|
|
|
#endif /* WITH_INSECURE_NONE */
|
2019-02-12 11:56:37 +03:00
|
|
|
{ NULL, 0, false }
|
2014-04-20 14:07:40 +04:00
|
|
|
};
|
|
|
|
|
|
|
|
|
|
struct ssh_hmac_struct *ssh_get_hmactab(void) {
|
|
|
|
|
return ssh_hmac_tab;
|
|
|
|
|
}
|
|
|
|
|
|
2014-04-20 14:04:21 +04:00
|
|
|
size_t hmac_digest_len(enum ssh_hmac_e type) {
|
|
|
|
|
switch(type) {
|
|
|
|
|
case SSH_HMAC_SHA1:
|
|
|
|
|
return SHA_DIGEST_LEN;
|
|
|
|
|
case SSH_HMAC_SHA256:
|
|
|
|
|
return SHA256_DIGEST_LEN;
|
|
|
|
|
case SSH_HMAC_SHA512:
|
|
|
|
|
return SHA512_DIGEST_LEN;
|
|
|
|
|
case SSH_HMAC_MD5:
|
|
|
|
|
return MD5_DIGEST_LEN;
|
2018-02-28 19:24:53 +03:00
|
|
|
case SSH_HMAC_AEAD_POLY1305:
|
|
|
|
|
return POLY1305_TAGLEN;
|
2018-10-08 14:24:49 +03:00
|
|
|
case SSH_HMAC_AEAD_GCM:
|
|
|
|
|
return AES_GCM_TAGLEN;
|
2014-04-20 14:04:21 +04:00
|
|
|
default:
|
|
|
|
|
return 0;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2019-02-08 22:44:36 +03:00
|
|
|
const char *ssh_hmac_type_to_string(enum ssh_hmac_e hmac_type, bool etm)
|
2014-04-20 14:09:39 +04:00
|
|
|
{
|
|
|
|
|
int i = 0;
|
|
|
|
|
struct ssh_hmac_struct *ssh_hmactab = ssh_get_hmactab();
|
2019-02-08 22:44:36 +03:00
|
|
|
while (ssh_hmactab[i].name &&
|
|
|
|
|
((ssh_hmactab[i].hmac_type != hmac_type) ||
|
|
|
|
|
(ssh_hmactab[i].etm != etm))) {
|
2014-04-20 14:09:39 +04:00
|
|
|
i++;
|
|
|
|
|
}
|
|
|
|
|
return ssh_hmactab[i].name;
|
|
|
|
|
}
|
|
|
|
|
|
2005-07-05 05:21:44 +04:00
|
|
|
/* it allocates a new cipher structure based on its offset into the global table */
|
2011-09-17 02:20:45 +04:00
|
|
|
static struct ssh_cipher_struct *cipher_new(int offset) {
|
|
|
|
|
struct ssh_cipher_struct *cipher = NULL;
|
2009-04-02 01:24:16 +04:00
|
|
|
|
2011-09-17 02:20:45 +04:00
|
|
|
cipher = malloc(sizeof(struct ssh_cipher_struct));
|
2009-04-17 17:13:14 +04:00
|
|
|
if (cipher == NULL) {
|
|
|
|
|
return NULL;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* note the memcpy will copy the pointers : so, you shouldn't free them */
|
2010-05-14 03:22:22 +04:00
|
|
|
memcpy(cipher, &ssh_get_ciphertab()[offset], sizeof(*cipher));
|
2009-04-02 01:24:16 +04:00
|
|
|
|
2009-04-17 17:13:14 +04:00
|
|
|
return cipher;
|
2005-07-05 05:21:44 +04:00
|
|
|
}
|
|
|
|
|
|
2015-01-21 17:38:10 +03:00
|
|
|
void ssh_cipher_clear(struct ssh_cipher_struct *cipher){
|
2005-10-05 02:11:19 +04:00
|
|
|
#ifdef HAVE_LIBGCRYPT
|
2017-07-14 22:31:10 +03:00
|
|
|
unsigned int i;
|
2005-10-05 02:11:19 +04:00
|
|
|
#endif
|
2009-04-03 16:48:45 +04:00
|
|
|
|
2017-07-14 22:31:10 +03:00
|
|
|
if (cipher == NULL) {
|
|
|
|
|
return;
|
|
|
|
|
}
|
2009-04-04 18:15:14 +04:00
|
|
|
|
2005-10-05 02:11:19 +04:00
|
|
|
#ifdef HAVE_LIBGCRYPT
|
2017-07-14 22:31:10 +03:00
|
|
|
if (cipher->key) {
|
|
|
|
|
for (i = 0; i < (cipher->keylen / sizeof(gcry_cipher_hd_t)); i++) {
|
|
|
|
|
gcry_cipher_close(cipher->key[i]);
|
|
|
|
|
}
|
|
|
|
|
SAFE_FREE(cipher->key);
|
2009-04-04 18:15:14 +04:00
|
|
|
}
|
2015-09-25 01:05:10 +03:00
|
|
|
#endif
|
2017-07-14 22:34:10 +03:00
|
|
|
|
|
|
|
|
if (cipher->cleanup != NULL) {
|
|
|
|
|
cipher->cleanup(cipher);
|
|
|
|
|
}
|
2015-01-21 17:38:10 +03:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static void cipher_free(struct ssh_cipher_struct *cipher) {
|
|
|
|
|
ssh_cipher_clear(cipher);
|
2009-04-04 18:15:14 +04:00
|
|
|
SAFE_FREE(cipher);
|
2005-07-05 05:21:44 +04:00
|
|
|
}
|
|
|
|
|
|
2009-09-24 01:55:07 +04:00
|
|
|
struct ssh_crypto_struct *crypto_new(void) {
|
2011-05-19 01:18:39 +04:00
|
|
|
struct ssh_crypto_struct *crypto;
|
2009-04-02 01:24:16 +04:00
|
|
|
|
2009-09-24 01:55:07 +04:00
|
|
|
crypto = malloc(sizeof(struct ssh_crypto_struct));
|
2009-04-02 01:24:16 +04:00
|
|
|
if (crypto == NULL) {
|
|
|
|
|
return NULL;
|
|
|
|
|
}
|
2009-09-24 01:55:07 +04:00
|
|
|
ZERO_STRUCTP(crypto);
|
2009-04-02 01:24:16 +04:00
|
|
|
return crypto;
|
2005-07-05 05:21:44 +04:00
|
|
|
}
|
|
|
|
|
|
2018-09-03 18:39:56 +03:00
|
|
|
void crypto_free(struct ssh_crypto_struct *crypto)
|
|
|
|
|
{
|
2018-09-03 18:40:35 +03:00
|
|
|
size_t i;
|
|
|
|
|
|
2018-09-03 18:39:56 +03:00
|
|
|
if (crypto == NULL) {
|
|
|
|
|
return;
|
|
|
|
|
}
|
2009-04-04 18:15:14 +04:00
|
|
|
|
2018-09-03 18:39:56 +03:00
|
|
|
ssh_key_free(crypto->server_pubkey);
|
2009-04-04 18:15:14 +04:00
|
|
|
|
2018-11-07 00:22:59 +03:00
|
|
|
ssh_dh_cleanup(crypto);
|
2019-03-13 01:24:36 +03:00
|
|
|
bignum_safe_free(crypto->shared_secret);
|
2011-06-15 00:53:53 +04:00
|
|
|
#ifdef HAVE_ECDH
|
2018-09-03 18:39:56 +03:00
|
|
|
SAFE_FREE(crypto->ecdh_client_pubkey);
|
|
|
|
|
SAFE_FREE(crypto->ecdh_server_pubkey);
|
|
|
|
|
if(crypto->ecdh_privkey != NULL){
|
2016-05-02 17:00:26 +03:00
|
|
|
#ifdef HAVE_OPENSSL_ECC
|
2018-09-03 18:39:56 +03:00
|
|
|
EC_KEY_free(crypto->ecdh_privkey);
|
2016-05-02 17:00:26 +03:00
|
|
|
#elif defined HAVE_GCRYPT_ECC
|
2018-09-03 18:39:56 +03:00
|
|
|
gcry_sexp_release(crypto->ecdh_privkey);
|
2016-05-02 17:00:26 +03:00
|
|
|
#endif
|
2018-09-03 18:39:56 +03:00
|
|
|
crypto->ecdh_privkey = NULL;
|
|
|
|
|
}
|
2011-06-15 00:53:53 +04:00
|
|
|
#endif
|
2020-12-04 13:32:06 +03:00
|
|
|
SAFE_FREE(crypto->dh_server_signature);
|
2018-09-03 18:39:56 +03:00
|
|
|
if (crypto->session_id != NULL) {
|
2021-06-23 14:16:33 +03:00
|
|
|
explicit_bzero(crypto->session_id, crypto->session_id_len);
|
2018-09-03 18:39:56 +03:00
|
|
|
SAFE_FREE(crypto->session_id);
|
|
|
|
|
}
|
|
|
|
|
if (crypto->secret_hash != NULL) {
|
2018-09-03 18:44:17 +03:00
|
|
|
explicit_bzero(crypto->secret_hash, crypto->digest_len);
|
2018-09-03 18:39:56 +03:00
|
|
|
SAFE_FREE(crypto->secret_hash);
|
|
|
|
|
}
|
2011-09-24 00:54:33 +04:00
|
|
|
#ifdef WITH_ZLIB
|
2018-09-03 18:39:56 +03:00
|
|
|
if (crypto->compress_out_ctx &&
|
|
|
|
|
(deflateEnd(crypto->compress_out_ctx) != 0)) {
|
|
|
|
|
inflateEnd(crypto->compress_out_ctx);
|
|
|
|
|
}
|
|
|
|
|
SAFE_FREE(crypto->compress_out_ctx);
|
2014-09-27 06:43:47 +04:00
|
|
|
|
2018-09-03 18:39:56 +03:00
|
|
|
if (crypto->compress_in_ctx &&
|
|
|
|
|
(deflateEnd(crypto->compress_in_ctx) != 0)) {
|
|
|
|
|
inflateEnd(crypto->compress_in_ctx);
|
|
|
|
|
}
|
|
|
|
|
SAFE_FREE(crypto->compress_in_ctx);
|
2011-09-24 00:54:33 +04:00
|
|
|
#endif /* WITH_ZLIB */
|
2011-06-13 16:06:30 +04:00
|
|
|
SAFE_FREE(crypto->encryptIV);
|
|
|
|
|
SAFE_FREE(crypto->decryptIV);
|
|
|
|
|
SAFE_FREE(crypto->encryptMAC);
|
|
|
|
|
SAFE_FREE(crypto->decryptMAC);
|
2018-09-03 18:39:56 +03:00
|
|
|
if (crypto->encryptkey != NULL) {
|
2018-10-03 16:14:45 +03:00
|
|
|
explicit_bzero(crypto->encryptkey, crypto->out_cipher->keysize / 8);
|
2018-09-03 18:39:56 +03:00
|
|
|
SAFE_FREE(crypto->encryptkey);
|
|
|
|
|
}
|
|
|
|
|
if (crypto->decryptkey != NULL) {
|
2018-10-03 16:14:45 +03:00
|
|
|
explicit_bzero(crypto->decryptkey, crypto->in_cipher->keysize / 8);
|
2018-09-03 18:39:56 +03:00
|
|
|
SAFE_FREE(crypto->decryptkey);
|
|
|
|
|
}
|
2011-05-19 01:18:39 +04:00
|
|
|
|
2018-10-03 16:14:45 +03:00
|
|
|
cipher_free(crypto->in_cipher);
|
|
|
|
|
cipher_free(crypto->out_cipher);
|
|
|
|
|
|
2018-09-03 18:39:56 +03:00
|
|
|
for (i = 0; i < SSH_KEX_METHODS; i++) {
|
|
|
|
|
SAFE_FREE(crypto->client_kex.methods[i]);
|
|
|
|
|
SAFE_FREE(crypto->server_kex.methods[i]);
|
|
|
|
|
SAFE_FREE(crypto->kex_methods[i]);
|
|
|
|
|
}
|
2011-09-17 02:17:45 +04:00
|
|
|
|
2018-09-03 18:39:56 +03:00
|
|
|
explicit_bzero(crypto, sizeof(struct ssh_crypto_struct));
|
2009-04-04 18:15:14 +04:00
|
|
|
|
2018-09-03 18:39:56 +03:00
|
|
|
SAFE_FREE(crypto);
|
2005-07-05 05:21:44 +04:00
|
|
|
}
|
|
|
|
|
|
2018-09-26 11:44:46 +03:00
|
|
|
static int crypt_set_algorithms2(ssh_session session)
|
|
|
|
|
{
|
|
|
|
|
const char *wanted = NULL;
|
|
|
|
|
struct ssh_cipher_struct *ssh_ciphertab=ssh_get_ciphertab();
|
|
|
|
|
struct ssh_hmac_struct *ssh_hmactab=ssh_get_hmactab();
|
|
|
|
|
size_t i = 0;
|
|
|
|
|
int cmp;
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* We must scan the kex entries to find crypto algorithms and set their
|
|
|
|
|
* appropriate structure.
|
|
|
|
|
*/
|
|
|
|
|
|
|
|
|
|
/* out */
|
|
|
|
|
wanted = session->next_crypto->kex_methods[SSH_CRYPT_C_S];
|
|
|
|
|
for (i = 0; i < 64 && ssh_ciphertab[i].name != NULL; ++i) {
|
|
|
|
|
cmp = strcmp(wanted, ssh_ciphertab[i].name);
|
|
|
|
|
if (cmp == 0) {
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
}
|
2009-04-02 01:24:16 +04:00
|
|
|
|
2018-09-26 11:44:46 +03:00
|
|
|
if (ssh_ciphertab[i].name == NULL) {
|
|
|
|
|
ssh_set_error(session, SSH_FATAL,
|
|
|
|
|
"crypt_set_algorithms2: no crypto algorithm function found for %s",
|
|
|
|
|
wanted);
|
|
|
|
|
return SSH_ERROR;
|
|
|
|
|
}
|
|
|
|
|
SSH_LOG(SSH_LOG_PACKET, "Set output algorithm to %s", wanted);
|
2009-04-02 01:24:16 +04:00
|
|
|
|
2018-09-26 11:44:46 +03:00
|
|
|
session->next_crypto->out_cipher = cipher_new(i);
|
|
|
|
|
if (session->next_crypto->out_cipher == NULL) {
|
|
|
|
|
ssh_set_error_oom(session);
|
|
|
|
|
return SSH_ERROR;
|
|
|
|
|
}
|
2018-02-28 19:24:54 +03:00
|
|
|
|
2018-09-26 11:44:46 +03:00
|
|
|
if (session->next_crypto->out_cipher->aead_encrypt != NULL) {
|
|
|
|
|
/* this cipher has integrated MAC */
|
|
|
|
|
if (session->next_crypto->out_cipher->ciphertype == SSH_AEAD_CHACHA20_POLY1305) {
|
|
|
|
|
wanted = "aead-poly1305";
|
|
|
|
|
} else {
|
|
|
|
|
wanted = "aead-gcm";
|
|
|
|
|
}
|
|
|
|
|
} else {
|
|
|
|
|
/*
|
|
|
|
|
* We must scan the kex entries to find hmac algorithms and set their
|
|
|
|
|
* appropriate structure.
|
|
|
|
|
*/
|
|
|
|
|
|
|
|
|
|
/* out */
|
|
|
|
|
wanted = session->next_crypto->kex_methods[SSH_MAC_C_S];
|
|
|
|
|
}
|
2014-04-20 14:07:40 +04:00
|
|
|
|
2018-09-26 11:44:46 +03:00
|
|
|
for (i = 0; ssh_hmactab[i].name != NULL; i++) {
|
|
|
|
|
cmp = strcmp(wanted, ssh_hmactab[i].name);
|
|
|
|
|
if (cmp == 0) {
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
}
|
2014-04-20 14:07:40 +04:00
|
|
|
|
2018-09-26 11:44:46 +03:00
|
|
|
if (ssh_hmactab[i].name == NULL) {
|
|
|
|
|
ssh_set_error(session, SSH_FATAL,
|
|
|
|
|
"crypt_set_algorithms2: no hmac algorithm function found for %s",
|
|
|
|
|
wanted);
|
|
|
|
|
return SSH_ERROR;
|
|
|
|
|
}
|
|
|
|
|
SSH_LOG(SSH_LOG_PACKET, "Set HMAC output algorithm to %s", wanted);
|
2014-04-20 14:07:40 +04:00
|
|
|
|
2018-09-26 11:44:46 +03:00
|
|
|
session->next_crypto->out_hmac = ssh_hmactab[i].hmac_type;
|
2019-02-08 22:44:36 +03:00
|
|
|
session->next_crypto->out_hmac_etm = ssh_hmactab[i].etm;
|
2018-02-28 19:24:54 +03:00
|
|
|
|
2018-09-26 11:44:46 +03:00
|
|
|
/* in */
|
|
|
|
|
wanted = session->next_crypto->kex_methods[SSH_CRYPT_S_C];
|
2009-04-02 01:24:16 +04:00
|
|
|
|
2018-09-26 11:44:46 +03:00
|
|
|
for (i = 0; ssh_ciphertab[i].name != NULL; i++) {
|
|
|
|
|
cmp = strcmp(wanted, ssh_ciphertab[i].name);
|
|
|
|
|
if (cmp == 0) {
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
}
|
2009-04-02 01:24:16 +04:00
|
|
|
|
2018-09-26 11:44:46 +03:00
|
|
|
if (ssh_ciphertab[i].name == NULL) {
|
|
|
|
|
ssh_set_error(session, SSH_FATAL,
|
|
|
|
|
"Crypt_set_algorithms: no crypto algorithm function found for %s",
|
|
|
|
|
wanted);
|
|
|
|
|
return SSH_ERROR;
|
|
|
|
|
}
|
|
|
|
|
SSH_LOG(SSH_LOG_PACKET, "Set input algorithm to %s", wanted);
|
2014-04-20 14:07:40 +04:00
|
|
|
|
2018-09-26 11:44:46 +03:00
|
|
|
session->next_crypto->in_cipher = cipher_new(i);
|
|
|
|
|
if (session->next_crypto->in_cipher == NULL) {
|
|
|
|
|
ssh_set_error_oom(session);
|
|
|
|
|
return SSH_ERROR;
|
|
|
|
|
}
|
2018-02-28 19:24:54 +03:00
|
|
|
|
2018-09-26 11:44:46 +03:00
|
|
|
if (session->next_crypto->in_cipher->aead_encrypt != NULL){
|
|
|
|
|
/* this cipher has integrated MAC */
|
|
|
|
|
if (session->next_crypto->in_cipher->ciphertype == SSH_AEAD_CHACHA20_POLY1305) {
|
|
|
|
|
wanted = "aead-poly1305";
|
|
|
|
|
} else {
|
|
|
|
|
wanted = "aead-gcm";
|
|
|
|
|
}
|
|
|
|
|
} else {
|
|
|
|
|
/* we must scan the kex entries to find hmac algorithms and set their appropriate structure */
|
|
|
|
|
wanted = session->next_crypto->kex_methods[SSH_MAC_S_C];
|
|
|
|
|
}
|
2014-04-20 14:07:40 +04:00
|
|
|
|
2018-09-26 11:44:46 +03:00
|
|
|
for (i = 0; ssh_hmactab[i].name != NULL; i++) {
|
|
|
|
|
cmp = strcmp(wanted, ssh_hmactab[i].name);
|
|
|
|
|
if (cmp == 0) {
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
}
|
2014-04-20 14:07:40 +04:00
|
|
|
|
2018-09-26 11:44:46 +03:00
|
|
|
if (ssh_hmactab[i].name == NULL) {
|
|
|
|
|
ssh_set_error(session, SSH_FATAL,
|
|
|
|
|
"crypt_set_algorithms2: no hmac algorithm function found for %s",
|
|
|
|
|
wanted);
|
|
|
|
|
return SSH_ERROR;
|
|
|
|
|
}
|
|
|
|
|
SSH_LOG(SSH_LOG_PACKET, "Set HMAC input algorithm to %s", wanted);
|
2009-04-02 01:24:16 +04:00
|
|
|
|
2018-09-26 11:44:46 +03:00
|
|
|
session->next_crypto->in_hmac = ssh_hmactab[i].hmac_type;
|
2019-02-08 22:44:36 +03:00
|
|
|
session->next_crypto->in_hmac_etm = ssh_hmactab[i].etm;
|
2018-09-26 11:44:46 +03:00
|
|
|
|
|
|
|
|
/* compression */
|
|
|
|
|
cmp = strcmp(session->next_crypto->kex_methods[SSH_COMP_C_S], "zlib");
|
|
|
|
|
if (cmp == 0) {
|
|
|
|
|
session->next_crypto->do_compress_out = 1;
|
|
|
|
|
}
|
|
|
|
|
cmp = strcmp(session->next_crypto->kex_methods[SSH_COMP_S_C], "zlib");
|
|
|
|
|
if (cmp == 0) {
|
|
|
|
|
session->next_crypto->do_compress_in = 1;
|
|
|
|
|
}
|
|
|
|
|
cmp = strcmp(session->next_crypto->kex_methods[SSH_COMP_C_S], "zlib@openssh.com");
|
|
|
|
|
if (cmp == 0) {
|
|
|
|
|
session->next_crypto->delayed_compress_out = 1;
|
|
|
|
|
}
|
|
|
|
|
cmp = strcmp(session->next_crypto->kex_methods[SSH_COMP_S_C], "zlib@openssh.com");
|
|
|
|
|
if (cmp == 0) {
|
|
|
|
|
session->next_crypto->delayed_compress_in = 1;
|
|
|
|
|
}
|
2013-07-14 15:31:24 +04:00
|
|
|
|
2018-09-26 11:44:46 +03:00
|
|
|
return SSH_OK;
|
2009-04-17 17:13:14 +04:00
|
|
|
}
|
|
|
|
|
|
2018-06-28 18:52:58 +03:00
|
|
|
int crypt_set_algorithms_client(ssh_session session)
|
|
|
|
|
{
|
|
|
|
|
return crypt_set_algorithms2(session);
|
2005-07-05 05:21:44 +04:00
|
|
|
}
|
|
|
|
|
|
2011-09-17 02:03:50 +04:00
|
|
|
#ifdef WITH_SERVER
|
2009-09-23 23:55:54 +04:00
|
|
|
int crypt_set_algorithms_server(ssh_session session){
|
2018-02-28 19:24:53 +03:00
|
|
|
const char *method = NULL;
|
2018-09-26 11:56:56 +03:00
|
|
|
size_t i = 0;
|
2011-09-17 02:20:45 +04:00
|
|
|
struct ssh_cipher_struct *ssh_ciphertab=ssh_get_ciphertab();
|
2014-04-20 14:07:40 +04:00
|
|
|
struct ssh_hmac_struct *ssh_hmactab=ssh_get_hmactab();
|
2018-09-26 11:56:56 +03:00
|
|
|
int cmp;
|
|
|
|
|
|
2009-02-02 20:00:04 +03:00
|
|
|
|
2011-04-14 12:17:44 +04:00
|
|
|
if (session == NULL) {
|
|
|
|
|
return SSH_ERROR;
|
|
|
|
|
}
|
|
|
|
|
|
2013-07-14 15:31:24 +04:00
|
|
|
/*
|
|
|
|
|
* We must scan the kex entries to find crypto algorithms and set their
|
|
|
|
|
* appropriate structure
|
|
|
|
|
*/
|
2005-08-07 14:48:08 +04:00
|
|
|
/* out */
|
2011-09-17 02:17:45 +04:00
|
|
|
method = session->next_crypto->kex_methods[SSH_CRYPT_S_C];
|
2018-02-28 19:24:53 +03:00
|
|
|
|
|
|
|
|
for (i = 0; ssh_ciphertab[i].name != NULL; i++) {
|
|
|
|
|
cmp = strcmp(method, ssh_ciphertab[i].name);
|
|
|
|
|
if (cmp == 0) {
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (ssh_ciphertab[i].name == NULL) {
|
2011-09-17 01:58:48 +04:00
|
|
|
ssh_set_error(session,SSH_FATAL,"crypt_set_algorithms_server : "
|
|
|
|
|
"no crypto algorithm function found for %s",method);
|
2013-07-14 15:31:24 +04:00
|
|
|
return SSH_ERROR;
|
2005-08-07 14:48:08 +04:00
|
|
|
}
|
2013-07-14 14:29:45 +04:00
|
|
|
SSH_LOG(SSH_LOG_PACKET,"Set output algorithm %s",method);
|
2009-04-02 01:24:16 +04:00
|
|
|
|
|
|
|
|
session->next_crypto->out_cipher = cipher_new(i);
|
|
|
|
|
if (session->next_crypto->out_cipher == NULL) {
|
2013-07-14 15:31:24 +04:00
|
|
|
ssh_set_error_oom(session);
|
|
|
|
|
return SSH_ERROR;
|
2009-04-02 01:24:16 +04:00
|
|
|
}
|
2018-09-26 11:56:56 +03:00
|
|
|
|
2018-02-28 19:24:53 +03:00
|
|
|
if (session->next_crypto->out_cipher->aead_encrypt != NULL){
|
|
|
|
|
/* this cipher has integrated MAC */
|
2018-10-08 14:24:49 +03:00
|
|
|
if (session->next_crypto->out_cipher->ciphertype == SSH_AEAD_CHACHA20_POLY1305) {
|
|
|
|
|
method = "aead-poly1305";
|
|
|
|
|
} else {
|
|
|
|
|
method = "aead-gcm";
|
|
|
|
|
}
|
2018-02-28 19:24:53 +03:00
|
|
|
} else {
|
|
|
|
|
/* we must scan the kex entries to find hmac algorithms and set their appropriate structure */
|
|
|
|
|
/* out */
|
|
|
|
|
method = session->next_crypto->kex_methods[SSH_MAC_S_C];
|
2009-04-02 01:24:16 +04:00
|
|
|
}
|
2014-04-20 14:07:40 +04:00
|
|
|
/* HMAC algorithm selection */
|
2018-02-28 19:24:53 +03:00
|
|
|
|
2018-09-26 11:56:56 +03:00
|
|
|
for (i = 0; ssh_hmactab[i].name != NULL; i++) {
|
|
|
|
|
cmp = strcmp(method, ssh_hmactab[i].name);
|
|
|
|
|
if (cmp == 0) {
|
|
|
|
|
break;
|
|
|
|
|
}
|
2014-04-20 14:07:40 +04:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (ssh_hmactab[i].name == NULL) {
|
|
|
|
|
ssh_set_error(session, SSH_FATAL,
|
|
|
|
|
"crypt_set_algorithms_server: no hmac algorithm function found for %s",
|
|
|
|
|
method);
|
|
|
|
|
return SSH_ERROR;
|
|
|
|
|
}
|
|
|
|
|
SSH_LOG(SSH_LOG_PACKET, "Set HMAC output algorithm to %s", method);
|
|
|
|
|
|
|
|
|
|
session->next_crypto->out_hmac = ssh_hmactab[i].hmac_type;
|
2019-02-08 22:44:36 +03:00
|
|
|
session->next_crypto->out_hmac_etm = ssh_hmactab[i].etm;
|
2018-02-28 19:24:53 +03:00
|
|
|
|
|
|
|
|
/* in */
|
|
|
|
|
method = session->next_crypto->kex_methods[SSH_CRYPT_C_S];
|
|
|
|
|
|
|
|
|
|
for (i = 0; ssh_ciphertab[i].name; i++) {
|
2018-09-26 11:56:56 +03:00
|
|
|
cmp = strcmp(method, ssh_ciphertab[i].name);
|
|
|
|
|
if (cmp == 0) {
|
|
|
|
|
break;
|
|
|
|
|
}
|
2018-02-28 19:24:53 +03:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (ssh_ciphertab[i].name == NULL) {
|
|
|
|
|
ssh_set_error(session,SSH_FATAL,"Crypt_set_algorithms_server :"
|
|
|
|
|
"no crypto algorithm function found for %s",method);
|
|
|
|
|
return SSH_ERROR;
|
|
|
|
|
}
|
|
|
|
|
SSH_LOG(SSH_LOG_PACKET,"Set input algorithm %s",method);
|
|
|
|
|
|
|
|
|
|
session->next_crypto->in_cipher = cipher_new(i);
|
|
|
|
|
if (session->next_crypto->in_cipher == NULL) {
|
|
|
|
|
ssh_set_error_oom(session);
|
|
|
|
|
return SSH_ERROR;
|
|
|
|
|
}
|
2014-04-20 14:07:40 +04:00
|
|
|
|
2018-02-28 19:24:54 +03:00
|
|
|
if (session->next_crypto->in_cipher->aead_encrypt != NULL){
|
|
|
|
|
/* this cipher has integrated MAC */
|
2018-10-08 14:24:49 +03:00
|
|
|
if (session->next_crypto->in_cipher->ciphertype == SSH_AEAD_CHACHA20_POLY1305) {
|
|
|
|
|
method = "aead-poly1305";
|
|
|
|
|
} else {
|
|
|
|
|
method = "aead-gcm";
|
|
|
|
|
}
|
2018-02-28 19:24:54 +03:00
|
|
|
} else {
|
|
|
|
|
/* we must scan the kex entries to find hmac algorithms and set their appropriate structure */
|
|
|
|
|
method = session->next_crypto->kex_methods[SSH_MAC_C_S];
|
|
|
|
|
}
|
2018-02-28 19:24:53 +03:00
|
|
|
|
|
|
|
|
for (i = 0; ssh_hmactab[i].name != NULL; i++) {
|
2018-09-26 11:56:56 +03:00
|
|
|
cmp = strcmp(method, ssh_hmactab[i].name);
|
|
|
|
|
if (cmp == 0) {
|
|
|
|
|
break;
|
|
|
|
|
}
|
2014-04-20 14:07:40 +04:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (ssh_hmactab[i].name == NULL) {
|
|
|
|
|
ssh_set_error(session, SSH_FATAL,
|
|
|
|
|
"crypt_set_algorithms_server: no hmac algorithm function found for %s",
|
|
|
|
|
method);
|
|
|
|
|
return SSH_ERROR;
|
|
|
|
|
}
|
|
|
|
|
SSH_LOG(SSH_LOG_PACKET, "Set HMAC input algorithm to %s", method);
|
|
|
|
|
|
|
|
|
|
session->next_crypto->in_hmac = ssh_hmactab[i].hmac_type;
|
2019-02-08 22:44:36 +03:00
|
|
|
session->next_crypto->in_hmac_etm = ssh_hmactab[i].etm;
|
2009-04-02 01:24:16 +04:00
|
|
|
|
2005-08-07 14:48:08 +04:00
|
|
|
/* compression */
|
2013-08-04 17:39:18 +04:00
|
|
|
method = session->next_crypto->kex_methods[SSH_COMP_C_S];
|
2011-09-17 01:58:48 +04:00
|
|
|
if(strcmp(method,"zlib") == 0){
|
2013-07-14 14:29:45 +04:00
|
|
|
SSH_LOG(SSH_LOG_PACKET,"enabling C->S compression");
|
2005-08-07 14:48:08 +04:00
|
|
|
session->next_crypto->do_compress_in=1;
|
|
|
|
|
}
|
2011-09-17 01:58:48 +04:00
|
|
|
if(strcmp(method,"zlib@openssh.com") == 0){
|
2013-11-03 06:30:35 +04:00
|
|
|
SSH_LOG(SSH_LOG_PACKET,"enabling C->S delayed compression");
|
|
|
|
|
|
|
|
|
|
if (session->flags & SSH_SESSION_FLAG_AUTHENTICATED) {
|
|
|
|
|
session->next_crypto->do_compress_in = 1;
|
|
|
|
|
} else {
|
|
|
|
|
session->next_crypto->delayed_compress_in = 1;
|
|
|
|
|
}
|
2011-09-17 01:58:48 +04:00
|
|
|
}
|
2013-08-04 17:39:18 +04:00
|
|
|
|
|
|
|
|
method = session->next_crypto->kex_methods[SSH_COMP_S_C];
|
2011-09-17 01:58:48 +04:00
|
|
|
if(strcmp(method,"zlib") == 0){
|
2016-10-12 12:29:02 +03:00
|
|
|
SSH_LOG(SSH_LOG_PACKET, "enabling S->C compression");
|
2005-08-07 14:48:08 +04:00
|
|
|
session->next_crypto->do_compress_out=1;
|
|
|
|
|
}
|
2011-09-17 01:58:48 +04:00
|
|
|
if(strcmp(method,"zlib@openssh.com") == 0){
|
2016-10-12 12:29:02 +03:00
|
|
|
SSH_LOG(SSH_LOG_PACKET,"enabling S->C delayed compression");
|
2013-11-03 06:30:35 +04:00
|
|
|
|
|
|
|
|
if (session->flags & SSH_SESSION_FLAG_AUTHENTICATED) {
|
|
|
|
|
session->next_crypto->do_compress_out = 1;
|
|
|
|
|
} else {
|
|
|
|
|
session->next_crypto->delayed_compress_out = 1;
|
|
|
|
|
}
|
2005-08-07 14:48:08 +04:00
|
|
|
}
|
2011-09-17 01:58:48 +04:00
|
|
|
|
2011-09-17 02:17:45 +04:00
|
|
|
method = session->next_crypto->kex_methods[SSH_HOSTKEYS];
|
2018-08-06 15:32:28 +03:00
|
|
|
session->srv.hostkey = ssh_key_type_from_signature_name(method);
|
2019-10-31 15:03:21 +03:00
|
|
|
session->srv.hostkey_digest = ssh_key_hash_from_name(method);
|
2013-07-14 15:31:24 +04:00
|
|
|
|
2015-12-23 14:50:00 +03:00
|
|
|
/* setup DH key exchange type */
|
|
|
|
|
switch (session->next_crypto->kex_type) {
|
|
|
|
|
case SSH_KEX_DH_GROUP1_SHA1:
|
|
|
|
|
case SSH_KEX_DH_GROUP14_SHA1:
|
2020-04-03 13:49:19 +03:00
|
|
|
case SSH_KEX_DH_GROUP14_SHA256:
|
2015-12-23 14:50:00 +03:00
|
|
|
case SSH_KEX_DH_GROUP16_SHA512:
|
|
|
|
|
case SSH_KEX_DH_GROUP18_SHA512:
|
|
|
|
|
ssh_server_dh_init(session);
|
|
|
|
|
break;
|
2019-02-02 18:49:05 +03:00
|
|
|
#ifdef WITH_GEX
|
2018-11-07 18:15:50 +03:00
|
|
|
case SSH_KEX_DH_GEX_SHA1:
|
|
|
|
|
case SSH_KEX_DH_GEX_SHA256:
|
|
|
|
|
ssh_server_dhgex_init(session);
|
|
|
|
|
break;
|
2019-02-02 18:49:05 +03:00
|
|
|
#endif /* WITH_GEX */
|
2015-12-23 14:50:00 +03:00
|
|
|
#ifdef HAVE_ECDH
|
|
|
|
|
case SSH_KEX_ECDH_SHA2_NISTP256:
|
|
|
|
|
case SSH_KEX_ECDH_SHA2_NISTP384:
|
|
|
|
|
case SSH_KEX_ECDH_SHA2_NISTP521:
|
|
|
|
|
ssh_server_ecdh_init(session);
|
|
|
|
|
break;
|
|
|
|
|
#endif
|
|
|
|
|
#ifdef HAVE_CURVE25519
|
|
|
|
|
case SSH_KEX_CURVE25519_SHA256:
|
|
|
|
|
case SSH_KEX_CURVE25519_SHA256_LIBSSH_ORG:
|
|
|
|
|
ssh_server_curve25519_init(session);
|
|
|
|
|
break;
|
|
|
|
|
#endif
|
|
|
|
|
default:
|
|
|
|
|
ssh_set_error(session,
|
|
|
|
|
SSH_FATAL,
|
|
|
|
|
"crypt_set_algorithms_server: could not find init "
|
|
|
|
|
"handler for kex type %d",
|
|
|
|
|
session->next_crypto->kex_type);
|
|
|
|
|
return SSH_ERROR;
|
|
|
|
|
}
|
2013-07-14 15:31:24 +04:00
|
|
|
return SSH_OK;
|
2005-08-07 14:48:08 +04:00
|
|
|
}
|
2009-05-12 21:49:23 +04:00
|
|
|
|
2011-09-17 02:03:50 +04:00
|
|
|
#endif /* WITH_SERVER */
|
