#define crWaitUntil(c) do { crReturn(0); } while (!(c))
extern struct ssh_cipher ssh_3des;
+extern struct ssh_cipher ssh_3des_ssh2;
extern struct ssh_cipher ssh_des;
extern struct ssh_cipher ssh_blowfish;
/* for ssh 2; we miss out single-DES because it isn't supported */
-struct ssh_cipher *ciphers[] = { &ssh_3des, &ssh_blowfish };
+struct ssh_cipher *ciphers[] = { &ssh_3des_ssh2, &ssh_blowfish };
extern struct ssh_kex ssh_diffiehellman;
struct ssh_kex *kex_algs[] = { &ssh_diffiehellman };
SHA_State exhash;
-static void nullmac_sesskey(unsigned char *key, int len) { }
+static void nullmac_key(unsigned char *key) { }
static void nullmac_generate(unsigned char *blk, int len, unsigned long seq) { }
static int nullmac_verify(unsigned char *blk, int len, unsigned long seq) { return 1; }
struct ssh_mac ssh_mac_none = {
- nullmac_sesskey, nullmac_generate, nullmac_verify, "none", 0
+ nullmac_key, nullmac_key, nullmac_generate, nullmac_verify, "none", 0
};
struct ssh_mac *macs[] = { &ssh_sha1, &ssh_mac_none };
/* FIXME */
}
#endif
+ debug(("Got initblk:"));
+ for (i = 0; i < cipherblk; i++)
+ debug((" %02x", (unsigned char)pktin.data[i]));
+ debug(("\r\n"));
if (sccipher)
sccipher->decrypt(pktin.data, cipherblk);
+ debug(("Decrypted initblk:"));
+ for (i = 0; i < cipherblk; i++)
+ debug((" %02x", (unsigned char)pktin.data[i]));
+ debug(("\r\n"));
/*
* Now get the length and padding figures.
if (sccipher)
sccipher->decrypt(pktin.data + cipherblk, packetlen - cipherblk);
+ debug(("Got packet len=%d pad=%d\r\n", len, pad));
+ for (i = 0; i < packetlen; i++)
+ debug((" %02x", (unsigned char)pktin.data[i]));
+ debug(("\r\n"));
+
/*
* Check the MAC.
*/
- if (scmac && !scmac->verify(pktin.data, incoming_sequence++, len+4))
+ if (scmac && !scmac->verify(pktin.data, len+4, incoming_sequence))
fatalbox("Incorrect MAC received on packet");
+ incoming_sequence++; /* whether or not we MACed */
pktin.savedpos = 6;
pktin.type = pktin.data[5];
-#if 0
- debug(("Got packet len=%d pad=%d\r\n", len, pad));
- for (i = 0; i < payload; i++)
- debug((" %02x", (unsigned char)pktin.data[i]));
- debug(("\r\n"));
-#endif
/*
* FIXME: handle IGNORE and DEBUG messages.
}
void ssh2_pkt_send(void) {
int cipherblk, maclen, padding, i;
- unsigned long outgoing_sequence = 0;
+ static unsigned long outgoing_sequence = 0;
/*
* Add padding. At least four bytes, and must also bring total
pktout.data[pktout.length + i] = random_byte();
PUT_32BIT(pktout.data, pktout.length + padding - 4);
if (csmac)
- csmac->generate(pktout.data, outgoing_sequence++,
- pktout.length + padding);
+ csmac->generate(pktout.data, pktout.length + padding,
+ outgoing_sequence);
+ outgoing_sequence++; /* whether or not we MACed */
if (cscipher)
cscipher->encrypt(pktout.data, pktout.length + padding);
maclen = csmac ? csmac->len : 0;
}
/*
+ * SSH2 key creation method.
+ */
+void ssh2_mkkey(Bignum K, char *H, char chr, char *keyspace) {
+ SHA_State s;
+ /* First 20 bytes. */
+ SHA_Init(&s);
+ sha_mpint(&s, K);
+ SHA_Bytes(&s, H, 20);
+ SHA_Bytes(&s, &chr, 1);
+ SHA_Bytes(&s, H, 20);
+ SHA_Final(&s, keyspace);
+ /* Next 20 bytes. */
+ SHA_Init(&s);
+ sha_mpint(&s, K);
+ SHA_Bytes(&s, H, 20);
+ SHA_Bytes(&s, keyspace, 20);
+ SHA_Final(&s, keyspace+20);
+}
+
+/*
* Handle the SSH2 key exchange phase.
*/
static int do_ssh2_kex(unsigned char *in, int inlen, int ispkt)
static char *hostkeydata, *sigdata;
static int hostkeylen, siglen;
static unsigned char exchange_hash[20];
+ static unsigned char keyspace[40];
crBegin;
debug(("\r\n"));
/*
- * FIXME: verify hostkeydata and sigdata.
+ * FIXME: verify host key. This bit will be moderately
+ * unpleasant, because of having to rewrite it to work
+ * alongside the old scheme.
*/
-
+
+ /*
+ * FIXME: verify signature of exchange hash.
+ */
+
+ /*
+ * Send SSH2_MSG_NEWKEYS. Expect it from server.
+ */
+ ssh2_pkt_init(SSH2_MSG_NEWKEYS);
+ ssh2_pkt_send();
+ crWaitUntil(ispkt);
+ if (pktin.type != SSH2_MSG_NEWKEYS)
+ fatalbox("expected new-keys packet from server");
+
+ /*
+ * Create and initialise session keys.
+ */
+ cscipher = cscipher_tobe;
+ sccipher = sccipher_tobe;
+ csmac = csmac_tobe;
+ scmac = scmac_tobe;
+ cscomp = cscomp_tobe;
+ sccomp = sccomp_tobe;
+ /*
+ * Set IVs after keys.
+ */
+ ssh2_mkkey(K, exchange_hash, 'C', keyspace); cscipher->setcskey(keyspace);
+ ssh2_mkkey(K, exchange_hash, 'D', keyspace); cscipher->setsckey(keyspace);
+ ssh2_mkkey(K, exchange_hash, 'A', keyspace); cscipher->setcsiv(keyspace);
+ ssh2_mkkey(K, exchange_hash, 'B', keyspace); sccipher->setsciv(keyspace);
+ ssh2_mkkey(K, exchange_hash, 'E', keyspace); csmac->setcskey(keyspace);
+ ssh2_mkkey(K, exchange_hash, 'F', keyspace); scmac->setsckey(keyspace);
+
+ /*
+ * Now we're encrypting. Send a test packet (FIXME).
+ */
+ crWaitUntil(!ispkt);
+ ssh2_pkt_init(SSH2_MSG_IGNORE);
+ ssh2_pkt_addstring("oo-er");
+ ssh2_pkt_send();
+
crWaitUntil(0);
crFinish(1);