kex: moved KEX structures to ssh_crypto_struct

2011-09-17 00:17:45 +02:00 · 2011-09-17 00:17:45 +02:00 · ac41a083ef
--- a/include/libssh/crypto.h
+++ b/include/libssh/crypto.h
@ -44,6 +44,7 @@
 #include <openssl/ecdh.h>
 #endif
 #include "libssh/ecdh.h"
+#include "libssh/kex.h"

 enum ssh_key_exchange_e {
  /* diffie-hellman-group1-sha1 */
@ -78,6 +79,10 @@ struct ssh_crypto_struct {
    int delayed_compress_out;
    void *compress_out_ctx; /* don't touch it */
    void *compress_in_ctx; /* really, don't */
+    /* kex sent by server, client, and mutually elected methods */
+    KEX server_kex;
+    KEX client_kex;
+    char *kex_methods[SSH_KEX_METHODS];
    enum ssh_key_exchange_e kex_type;
    enum ssh_mac_e mac_type; /* Mac operations to use for key gen */
 };
--- a/include/libssh/session.h
+++ b/include/libssh/session.h
@ -27,7 +27,6 @@
 #include "libssh/auth.h"
 #include "libssh/channels.h"
 #include "libssh/poll.h"
-#include "libssh/kex.h"

 /* These are the different states a SSH session can be into its life */
 enum ssh_session_state_e {
@ -123,11 +122,6 @@ struct ssh_session_struct {
    struct ssh_agent_state_struct *agent_state;
    struct ssh_auth_auto_state_struct *auth_auto_state;

-    /* kex sent by server, client, and mutually elected methods */
-    KEX server_kex;
-    KEX client_kex;
-    char *kex_methods[SSH_KEX_METHODS];
-
    ssh_buffer in_hashbuf;
    ssh_buffer out_hashbuf;
    struct ssh_crypto_struct *current_crypto;
--- a/src/client.c
+++ b/src/client.c
@ -545,7 +545,7 @@ static void ssh_client_connection_callback(ssh_session session){
 			break;
 		case SSH_SESSION_STATE_KEXINIT_RECEIVED:
 			set_status(session,0.6f);
-			ssh_list_kex(session, &session->server_kex);
+			ssh_list_kex(session, &session->next_crypto->server_kex);
 			if (set_client_kex(session) < 0) {
 				goto error;
 			}
@ -810,17 +810,6 @@ error:
  session->auth_methods = 0;
  SAFE_FREE(session->serverbanner);
  SAFE_FREE(session->clientbanner);
-  if (session->client_kex.methods) {
-    for (i = 0; i < 10; i++) {
-      SAFE_FREE(session->client_kex.methods[i]);
-    }
-  }
-
-  if (session->server_kex.methods) {
-    for (i = 0; i < 10; i++) {
-      SAFE_FREE(session->server_kex.methods[i]);
-    }
-  }

  if(session->ssh_message_list){
    ssh_message msg;
--- a/src/dh.c
+++ b/src/dh.c
@ -771,13 +771,13 @@ int hashbufout_add_cookie(ssh_session session) {

  if (session->server) {
    if (buffer_add_data(session->out_hashbuf,
-          session->server_kex.cookie, 16) < 0) {
+          session->next_crypto->server_kex.cookie, 16) < 0) {
      buffer_reinit(session->out_hashbuf);
      return -1;
    }
  } else {
    if (buffer_add_data(session->out_hashbuf,
-          session->client_kex.cookie, 16) < 0) {
+          session->next_crypto->client_kex.cookie, 16) < 0) {
      buffer_reinit(session->out_hashbuf);
      return -1;
    }
--- a/src/kex.c
+++ b/src/kex.c
@ -260,22 +260,22 @@ SSH_PACKET_CALLBACK(ssh_packet_kexinit){
  	goto error;
  }
  if (server_kex) {
-      if (buffer_get_data(packet,session->client_kex.cookie,16) != 16) {
+      if (buffer_get_data(packet,session->next_crypto->client_kex.cookie,16) != 16) {
        ssh_set_error(session, SSH_FATAL, "ssh_packet_kexinit: no cookie in packet");
        goto error;
      }

-      if (hashbufin_add_cookie(session, session->client_kex.cookie) < 0) {
+      if (hashbufin_add_cookie(session, session->next_crypto->client_kex.cookie) < 0) {
        ssh_set_error(session, SSH_FATAL, "ssh_packet_kexinit: adding cookie failed");
        goto error;
      }
  } else {
-      if (buffer_get_data(packet,session->server_kex.cookie,16) != 16) {
+      if (buffer_get_data(packet,session->next_crypto->server_kex.cookie,16) != 16) {
        ssh_set_error(session, SSH_FATAL, "ssh_packet_kexinit: no cookie in packet");
        goto error;
      }

-      if (hashbufin_add_cookie(session, session->server_kex.cookie) < 0) {
+      if (hashbufin_add_cookie(session, session->next_crypto->server_kex.cookie) < 0) {
        ssh_set_error(session, SSH_FATAL, "ssh_packet_kexinit: adding cookie failed");
        goto error;
      }
@ -303,12 +303,12 @@ SSH_PACKET_CALLBACK(ssh_packet_kexinit){

  /* copy the server kex info into an array of strings */
  if (server_kex) {
-    for (i = 0; i < 10; i++) {
-      session->client_kex.methods[i] = strings[i];
+    for (i = 0; i < SSH_KEX_METHODS; i++) {
+      session->next_crypto->client_kex.methods[i] = strings[i];
    }
  } else { /* client */
-    for (i = 0; i < 10; i++) {
-      session->server_kex.methods[i] = strings[i];
+    for (i = 0; i < SSH_KEX_METHODS; i++) {
+      session->next_crypto->server_kex.methods[i] = strings[i];
    }
  }

@ -348,7 +348,7 @@ void ssh_list_kex(ssh_session session, KEX *kex) {
 *        in function of the options and available methods.
 */
 int set_client_kex(ssh_session session){
-    KEX *client= &session->client_kex;
+    KEX *client= &session->next_crypto->client_kex;
    int i;
    const char *wanted;
    enter_function();
@ -368,27 +368,27 @@ int set_client_kex(ssh_session session){
 * server's kex messages, and watches out if a match is possible.
 */
 int ssh_kex_select_methods (ssh_session session){
-    KEX *server = &session->server_kex;
-    KEX *client = &session->client_kex;
+    KEX *server = &session->next_crypto->server_kex;
+    KEX *client = &session->next_crypto->client_kex;
    int rc = SSH_ERROR;
    int i;

    enter_function();

    for (i=0;i<10;i++){
-        session->kex_methods[i]=ssh_find_matching(server->methods[i],client->methods[i]);
-        if(session->kex_methods[i] == NULL && i < SSH_LANG_C_S){
+        session->next_crypto->kex_methods[i]=ssh_find_matching(server->methods[i],client->methods[i]);
+        if(session->next_crypto->kex_methods[i] == NULL && i < SSH_LANG_C_S){
            ssh_set_error(session,SSH_FATAL,"kex error : no match for method %s: server [%s], client [%s]",
                    ssh_kex_nums[i],server->methods[i],client->methods[i]);
            goto error;
-        } else if ((i >= SSH_LANG_C_S) && (session->kex_methods[i] == NULL)) {
+        } else if ((i >= SSH_LANG_C_S) && (session->next_crypto->kex_methods[i] == NULL)) {
            /* we can safely do that for languages */
-            session->kex_methods[i] = strdup("");
+            session->next_crypto->kex_methods[i] = strdup("");
        }
    }
-    if(strcmp(session->kex_methods[SSH_KEX], "diffie-hellman-group1-sha1") == 0){
+    if(strcmp(session->next_crypto->kex_methods[SSH_KEX], "diffie-hellman-group1-sha1") == 0){
      session->next_crypto->kex_type=SSH_KEX_DH_GROUP1_SHA1;
-    } else if(strcmp(session->kex_methods[SSH_KEX], "ecdh-sha2-nistp256") == 0){
+    } else if(strcmp(session->next_crypto->kex_methods[SSH_KEX], "ecdh-sha2-nistp256") == 0){
      session->next_crypto->kex_type=SSH_KEX_ECDH_SHA2_NISTP256;
    }
    rc = SSH_OK;
@ -400,7 +400,8 @@ error:

 /* this function only sends the predefined set of kex methods */
 int ssh_send_kex(ssh_session session, int server_kex) {
-  KEX *kex = (server_kex ? &session->server_kex : &session->client_kex);
+  KEX *kex = (server_kex ? &session->next_crypto->server_kex :
+      &session->next_crypto->client_kex);
  ssh_string str = NULL;
  int i;

--- a/src/kex1.c
+++ b/src/kex1.c
@ -85,7 +85,7 @@ static int build_session_id1(ssh_session session, ssh_string servern,
 #endif
  md5_update(md5,ssh_string_data(hostn),ssh_string_len(hostn));
  md5_update(md5,ssh_string_data(servern),ssh_string_len(servern));
-  md5_update(md5,session->server_kex.cookie,8);
+  md5_update(md5,session->next_crypto->server_kex.cookie,8);
  if(session->next_crypto->session_id != NULL)
      SAFE_FREE(session->next_crypto->session_id);
  session->next_crypto->session_id = malloc(MD5_DIGEST_LEN);
@ -319,7 +319,7 @@ SSH_PACKET_CALLBACK(ssh_packet_publickey1){
    ssh_set_error(session,SSH_FATAL,"SSH_KEXINIT received in wrong state");
    goto error;
  }
-  if (buffer_get_data(packet, session->server_kex.cookie, 8) != 8) {
+  if (buffer_get_data(packet, session->next_crypto->server_kex.cookie, 8) != 8) {
    ssh_set_error(session, SSH_FATAL, "Can't get cookie in buffer");
    goto error;
  }
@ -408,7 +408,7 @@ SSH_PACKET_CALLBACK(ssh_packet_publickey1){
   if (buffer_add_u8(session->out_buffer, SSH_CIPHER_3DES) < 0) {
     goto error;
   }
-   if (buffer_add_data(session->out_buffer, session->server_kex.cookie, 8) < 0) {
+   if (buffer_add_data(session->out_buffer, session->next_crypto->server_kex.cookie, 8) < 0) {
     goto error;
   }

--- a/src/server.c
+++ b/src/server.c
@ -83,7 +83,7 @@ extern const char *supported_methods[];
 */

 static int server_set_kex(ssh_session session) {
-  KEX *server = &session->server_kex;
+  KEX *server = &session->next_crypto->server_kex;
  int i, j;
  const char *wanted;

@ -356,7 +356,7 @@ static void ssh_server_connection_callback(ssh_session session){
 			break;
 		case SSH_SESSION_STATE_KEXINIT_RECEIVED:
 			set_status(session,0.6f);
-			ssh_list_kex(session, &session->client_kex); // log client kex
+			ssh_list_kex(session, &session->next_crypto->client_kex); // log client kex
 			if (ssh_kex_select_methods(session) < 0) {
 				goto error;
 			}
--- a/src/session.c
+++ b/src/session.c
@ -197,17 +197,6 @@ void ssh_free(ssh_session session) {
 #ifndef _WIN32
  agent_free(session->agent);
 #endif /* _WIN32 */
-  if (session->client_kex.methods) {
-    for (i = 0; i < 10; i++) {
-      SAFE_FREE(session->client_kex.methods[i]);
-    }
-  }
-
-  if (session->server_kex.methods) {
-    for (i = 0; i < 10; i++) {
-      SAFE_FREE(session->server_kex.methods[i]);
-    }
-  }

  ssh_key_free(session->srv.dsa_key);
  ssh_key_free(session->srv.rsa_key);
--- a/src/wrapper.c
+++ b/src/wrapper.c
@ -98,6 +98,7 @@ struct ssh_crypto_struct *crypto_new(void) {
 }

 void crypto_free(struct ssh_crypto_struct *crypto){
+  int i;
  if (crypto == NULL) {
    return;
  }
@ -148,6 +149,12 @@ void crypto_free(struct ssh_crypto_struct *crypto){
    SAFE_FREE(crypto->decryptkey);
  }

+  for (i = 0; i < SSH_KEX_METHODS; i++) {
+      SAFE_FREE(crypto->client_kex.methods[i]);
+      SAFE_FREE(crypto->server_kex.methods[i]);
+      SAFE_FREE(crypto->kex_methods[i]);
+  }
+
  memset(crypto,0,sizeof(*crypto));

  SAFE_FREE(crypto);
@ -162,7 +169,7 @@ static int crypt_set_algorithms2(ssh_session session){
  enter_function();
  /* we must scan the kex entries to find crypto algorithms and set their appropriate structure */
  /* out */
-  wanted = session->kex_methods[SSH_CRYPT_C_S];
+  wanted = session->next_crypto->kex_methods[SSH_CRYPT_C_S];
  while (ssh_ciphertab[i].name && strcmp(wanted, ssh_ciphertab[i].name)) {
    i++;
  }
@ -183,7 +190,7 @@ static int crypt_set_algorithms2(ssh_session session){
  i = 0;

  /* in */
-  wanted = session->kex_methods[SSH_CRYPT_S_C];
+  wanted = session->next_crypto->kex_methods[SSH_CRYPT_S_C];
  while (ssh_ciphertab[i].name && strcmp(wanted, ssh_ciphertab[i].name)) {
    i++;
  }
@ -203,16 +210,16 @@ static int crypt_set_algorithms2(ssh_session session){
  }

  /* compression */
-  if (strcmp(session->kex_methods[SSH_COMP_C_S], "zlib") == 0) {
+  if (strcmp(session->next_crypto->kex_methods[SSH_COMP_C_S], "zlib") == 0) {
    session->next_crypto->do_compress_out = 1;
  }
-  if (strcmp(session->kex_methods[SSH_COMP_S_C], "zlib") == 0) {
+  if (strcmp(session->next_crypto->kex_methods[SSH_COMP_S_C], "zlib") == 0) {
    session->next_crypto->do_compress_in = 1;
  }
-  if (strcmp(session->kex_methods[SSH_COMP_C_S], "zlib@openssh.com") == 0) {
+  if (strcmp(session->next_crypto->kex_methods[SSH_COMP_C_S], "zlib@openssh.com") == 0) {
    session->next_crypto->delayed_compress_out = 1;
  }
-  if (strcmp(session->kex_methods[SSH_COMP_S_C], "zlib@openssh.com") == 0) {
+  if (strcmp(session->next_crypto->kex_methods[SSH_COMP_S_C], "zlib@openssh.com") == 0) {
    session->next_crypto->delayed_compress_in = 1;
  }
  rc = SSH_OK;
@ -270,7 +277,7 @@ int crypt_set_algorithms_server(ssh_session session){
    /* we must scan the kex entries to find crypto algorithms and set their appropriate structure */
    enter_function();
    /* out */
-    method = session->kex_methods[SSH_CRYPT_S_C];
+    method = session->next_crypto->kex_methods[SSH_CRYPT_S_C];
    while(ssh_ciphertab[i].name && strcmp(method,ssh_ciphertab[i].name))
        i++;
    if(!ssh_ciphertab[i].name){
@ -287,7 +294,7 @@ int crypt_set_algorithms_server(ssh_session session){
    }
    i=0;
    /* in */
-    method = session->kex_methods[SSH_CRYPT_C_S];
+    method = session->next_crypto->kex_methods[SSH_CRYPT_C_S];
    while(ssh_ciphertab[i].name && strcmp(method,ssh_ciphertab[i].name))
        i++;
    if(!ssh_ciphertab[i].name){
@ -304,7 +311,7 @@ int crypt_set_algorithms_server(ssh_session session){
    }

    /* compression */
-    method = session->kex_methods[SSH_CRYPT_C_S];
+    method = session->next_crypto->kex_methods[SSH_CRYPT_C_S];
    if(strcmp(method,"zlib") == 0){
        ssh_log(session,SSH_LOG_PACKET,"enabling C->S compression");
        session->next_crypto->do_compress_in=1;
@ -313,7 +320,7 @@ int crypt_set_algorithms_server(ssh_session session){
        ssh_set_error(session,SSH_FATAL,"zlib@openssh.com not supported");
        goto error;
    }
-    method = session->kex_methods[SSH_CRYPT_S_C];
+    method = session->next_crypto->kex_methods[SSH_CRYPT_S_C];
    if(strcmp(method,"zlib") == 0){
        ssh_log(session,SSH_LOG_PACKET,"enabling S->C compression\n");
        session->next_crypto->do_compress_out=1;
@ -323,7 +330,7 @@ int crypt_set_algorithms_server(ssh_session session){
        goto error;
    }

-    method = session->kex_methods[SSH_HOSTKEYS];
+    method = session->next_crypto->kex_methods[SSH_HOSTKEYS];
    session->srv.hostkey = ssh_key_type_from_name(method);
    rc = SSH_OK;
    error: