Provide an 'extra' pointer in ssh_signkey and ssh_kex.
This gives families of public key and kex functions (by which I mean those sharing a set of methods) a place to store parameters that allow the methods to vary depending on which exact algorithm is in use. The ssh_kex structure already had a set of parameters specific to Diffie-Hellman key exchange; I've moved those into sshdh.c and made them part of the 'extra' structure for that family only, so that unrelated kex methods don't have to faff about saying NULL,NULL,0,0. (This required me to write an extra accessor function for ssh.c to ask whether a DH method was group-exchange style or fixed-group style, but that doesn't seem too silly.)
Родитель
870ad6ab07
Коммит
1293334ebf
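--- a/ssh.c
+++ b/ssh.c
@@ -6740,7 +6740,7 @@ static void do_ssh2_transport(Ssh ssh, void *vin, int inlen,
 * If we're doing Diffie-Hellman group exchange, start by
 * requesting a group.
 */
-if (!ssh->kex->pdata) {
+if (dh_is_gex(ssh->kex)) {
 logevent("Doing Diffie-Hellman group exchange");
 ssh->pkt_kctx = SSH2_PKTCTX_DHGEX;
 /*
@@ -6828,7 +6828,7 @@ static void do_ssh2_transport(Ssh ssh, void *vin, int inlen,
 set_busy_status(ssh->frontend, BUSY_NOT);
 
 hash_string(ssh->kex->hash, ssh->exhash, s->hostkeydata, s->hostkeylen);
-if (!ssh->kex->pdata) {
+if (dh_is_gex(ssh->kex)) {
 if (!(ssh->remote_bugs & BUG_SSH2_OLDGEX))
 hash_uint32(ssh->kex->hash, ssh->exhash, DH_MIN_SIZE);
 hash_uint32(ssh->kex->hash, ssh->exhash, s->pbits);
@@ -6842,7 +6842,7 @@ static void do_ssh2_transport(Ssh ssh, void *vin, int inlen,
 
 dh_cleanup(ssh->kex_ctx);
 freebn(s->f);
-if (!ssh->kex->pdata) {
+if (dh_is_gex(ssh->kex)) {
 freebn(s->g);
 freebn(s->p);
 }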
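Review bot: The three new `dh_is_gex(ssh->kex)` calls are only safe if each is reached with a kex whose main_type is KEXTYPE_DH, and none of the three hunks shows that guard; do_ssh2_transport starts and ends outside the hunks. The old test `!ssh->kex->pdata` merely evaluated true for a non-DH kex, whereas dh_is_gex (defined in sshdh.c in this commit) dereferences kex->extra, which the ECDH and RSA kex tables in sshecc.c and sshrsa.c now set to NULL. I presume the surrounding code already dispatches on main_type before this point, but the dependence is now silent; a comment at the first call site would make it visible: `/* dh_is_gex() requires a KEXTYPE_DH kex: extra is NULL for ECDH/RSA methods */`.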
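--- a/ssh.h
+++ b/ssh.h
@@ -344,10 +344,8 @@ struct ssh_hash {
 struct ssh_kex {
 char *name, *groupname;
 enum { KEXTYPE_DH, KEXTYPE_RSA, KEXTYPE_ECDH } main_type;
-/* For DH */
-const unsigned char *pdata, *gdata; /* NULL means group exchange */
-int plen, glen;
 const struct ssh_hash *hash;
+const void *extra; /* private to the kex methods */
 };
 
 struct ssh_kexes {
@@ -385,6 +383,7 @@ struct ssh_signkey {
 int *siglen);
 const char *name;
 const char *keytype; /* for host key cache */
+const void *extra; /* private to the public key methods */
 };
 
 struct ssh_compress {
@@ -639,6 +638,7 @@ Bignum bignum_from_decimal(const char *decimal);
 void diagbn(char *prefix, Bignum md);
 #endif
 
+int dh_is_gex(const struct ssh_kex *kex);
 void *dh_setup_group(const struct ssh_kex *kex);
 void *dh_setup_gex(Bignum pval, Bignum gval);
 void dh_cleanup(void *);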
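Review bot: The new `dh_is_gex` prototype in the third hunk documents neither its precondition nor its return convention, and since `extra` is an untyped `const void *` that only the DH family may interpret, the header is the one place a caller in ssh.c will look. A comment above the declaration would carry the contract: `/* Only valid for a kex with main_type == KEXTYPE_DH; returns non-zero for group-exchange methods, zero for fixed-group ones. */`. It would also be worth stating on the two `extra` fields that NULL is a legitimate value for families that need no parameters, as the ECDH and RSA tables elsewhere in this commit rely on.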
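--- a/sshdh.c
+++ b/sshdh.c
@@ -50,9 +50,18 @@ static const unsigned char P14[] = {
 */
 static const unsigned char G[] = { 2 };
 
+struct dh_extra {
+const unsigned char *pdata, *gdata; /* NULL means group exchange */
+int plen, glen;
+};
+
+static const struct dh_extra extra_group1 = {
+P1, G, lenof(P1), lenof(G),
+};
+
 static const struct ssh_kex ssh_diffiehellman_group1_sha1 = {
 "diffie-hellman-group1-sha1", "group1",
-KEXTYPE_DH, P1, G, lenof(P1), lenof(G), &ssh_sha1
+KEXTYPE_DH, &ssh_sha1, &extra_group1,
 };
 
 static const struct ssh_kex *const group1_list[] = {
@@ -64,9 +73,13 @@ const struct ssh_kexes ssh_diffiehellman_group1 = {
 group1_list
 };
 
+static const struct dh_extra extra_group14 = {
+P14, G, lenof(P14), lenof(G),
+};
+
 static const struct ssh_kex ssh_diffiehellman_group14_sha1 = {
 "diffie-hellman-group14-sha1", "group14",
-KEXTYPE_DH, P14, G, lenof(P14), lenof(G), &ssh_sha1
+KEXTYPE_DH, &ssh_sha1, &extra_group14,
 };
 
 static const struct ssh_kex *const group14_list[] = {
@@ -78,14 +91,18 @@ const struct ssh_kexes ssh_diffiehellman_group14 = {
 group14_list
 };
 
+static const struct dh_extra extra_gex = {
+NULL, NULL, 0, 0,
+};
+
 static const struct ssh_kex ssh_diffiehellman_gex_sha256 = {
 "diffie-hellman-group-exchange-sha256", NULL,
-KEXTYPE_DH, NULL, NULL, 0, 0, &ssh_sha256
+KEXTYPE_DH, &ssh_sha256, &extra_gex,
 };
 
 static const struct ssh_kex ssh_diffiehellman_gex_sha1 = {
 "diffie-hellman-group-exchange-sha1", NULL,
-KEXTYPE_DH, NULL, NULL, 0, 0, &ssh_sha1
+KEXTYPE_DH, &ssh_sha1, &extra_gex,
 };
 
 static const struct ssh_kex *const gex_list[] = {
@@ -115,14 +132,21 @@ static void dh_init(struct dh_ctx *ctx)
 ctx->x = ctx->e = NULL;
 }
 
+int dh_is_gex(const struct ssh_kex *kex)
+{
+const struct dh_extra *extra = (const struct dh_extra *)kex->extra;
+return extra->pdata == NULL;
+}
+
 /*
 * Initialise DH for a standard group.
 */
 void *dh_setup_group(const struct ssh_kex *kex)
 {
+const struct dh_extra *extra = (const struct dh_extra *)kex->extra;
 struct dh_ctx *ctx = snew(struct dh_ctx);
-ctx->p = bignum_from_bytes(kex->pdata, kex->plen);
-ctx->g = bignum_from_bytes(kex->gdata, kex->glen);
+ctx->p = bignum_from_bytes(extra->pdata, extra->plen);
+ctx->g = bignum_from_bytes(extra->gdata, extra->glen);
 dh_init(ctx);
 return ctx;
 }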
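Review bot: In the last hunk, dh_is_gex and dh_setup_group cast kex->extra to `struct dh_extra` and dereference it with no check that the kex actually belongs to the DH family. Before this commit the pdata/plen fields lived in ssh_kex itself and were NULL/0 for every non-DH method, so a mistaken call on an ECDH or RSA kex read harmless zeros; after it, those methods carry `extra == NULL` (see the sshecc.c and sshrsa.c tables) and the same mistake is a NULL dereference, which a fuzzer or a future kex-dispatch refactor in ssh.c could easily trigger. A cheap guard at the top of both functions, `assert(kex->main_type == KEXTYPE_DH);`, would turn that into an immediate, attributable failure, assuming assert is available in this file as it is elsewhere in the code base; the same guard also documents why dh_setup_group never has to cope with the NULL pdata of extra_gex.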
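--- a/sshdss.c
+++ b/sshdss.c
@@ -675,5 +675,6 @@ const struct ssh_signkey ssh_dss = {
 dss_verifysig,
 dss_sign,
 "ssh-dss",
-"dss"
+"dss",
+NULL,
 };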
|
12
sshecc.c
12
sshecc.c
|
@ -3473,6 +3473,7 @@ const struct ssh_signkey ssh_ecdsa_ed25519 = {
|
||||||
ecdsa_sign,
|
ecdsa_sign,
|
||||||
"ssh-ed25519",
|
"ssh-ed25519",
|
||||||
"ssh-ed25519",
|
"ssh-ed25519",
|
||||||
|
NULL,
|
||||||
};
|
};
|
||||||
|
|
||||||
const struct ssh_signkey ssh_ecdsa_nistp256 = {
|
const struct ssh_signkey ssh_ecdsa_nistp256 = {
|
||||||
|
@ -3490,6 +3491,7 @@ const struct ssh_signkey ssh_ecdsa_nistp256 = {
|
||||||
ecdsa_sign,
|
ecdsa_sign,
|
||||||
"ecdsa-sha2-nistp256",
|
"ecdsa-sha2-nistp256",
|
||||||
"ecdsa-sha2-nistp256",
|
"ecdsa-sha2-nistp256",
|
||||||
|
NULL,
|
||||||
};
|
};
|
||||||
|
|
||||||
const struct ssh_signkey ssh_ecdsa_nistp384 = {
|
const struct ssh_signkey ssh_ecdsa_nistp384 = {
|
||||||
|
@ -3507,6 +3509,7 @@ const struct ssh_signkey ssh_ecdsa_nistp384 = {
|
||||||
ecdsa_sign,
|
ecdsa_sign,
|
||||||
"ecdsa-sha2-nistp384",
|
"ecdsa-sha2-nistp384",
|
||||||
"ecdsa-sha2-nistp384",
|
"ecdsa-sha2-nistp384",
|
||||||
|
NULL,
|
||||||
};
|
};
|
||||||
|
|
||||||
const struct ssh_signkey ssh_ecdsa_nistp521 = {
|
const struct ssh_signkey ssh_ecdsa_nistp521 = {
|
||||||
|
@ -3524,6 +3527,7 @@ const struct ssh_signkey ssh_ecdsa_nistp521 = {
|
||||||
ecdsa_sign,
|
ecdsa_sign,
|
||||||
"ecdsa-sha2-nistp521",
|
"ecdsa-sha2-nistp521",
|
||||||
"ecdsa-sha2-nistp521",
|
"ecdsa-sha2-nistp521",
|
||||||
|
NULL,
|
||||||
};
|
};
|
||||||
|
|
||||||
/* ----------------------------------------------------------------------
|
/* ----------------------------------------------------------------------
|
||||||
|
@ -3701,19 +3705,19 @@ void ssh_ecdhkex_freekey(void *key)
|
||||||
}
|
}
|
||||||
|
|
||||||
static const struct ssh_kex ssh_ec_kex_curve25519 = {
|
static const struct ssh_kex ssh_ec_kex_curve25519 = {
|
||||||
"curve25519-sha256@libssh.org", NULL, KEXTYPE_ECDH, NULL, NULL, 0, 0, &ssh_sha256
|
"curve25519-sha256@libssh.org", NULL, KEXTYPE_ECDH, &ssh_sha256, NULL
|
||||||
};
|
};
|
||||||
|
|
||||||
static const struct ssh_kex ssh_ec_kex_nistp256 = {
|
static const struct ssh_kex ssh_ec_kex_nistp256 = {
|
||||||
"ecdh-sha2-nistp256", NULL, KEXTYPE_ECDH, NULL, NULL, 0, 0, &ssh_sha256
|
"ecdh-sha2-nistp256", NULL, KEXTYPE_ECDH, &ssh_sha256, NULL
|
||||||
};
|
};
|
||||||
|
|
||||||
static const struct ssh_kex ssh_ec_kex_nistp384 = {
|
static const struct ssh_kex ssh_ec_kex_nistp384 = {
|
||||||
"ecdh-sha2-nistp384", NULL, KEXTYPE_ECDH, NULL, NULL, 0, 0, &ssh_sha384
|
"ecdh-sha2-nistp384", NULL, KEXTYPE_ECDH, &ssh_sha384, NULL
|
||||||
};
|
};
|
||||||
|
|
||||||
static const struct ssh_kex ssh_ec_kex_nistp521 = {
|
static const struct ssh_kex ssh_ec_kex_nistp521 = {
|
||||||
"ecdh-sha2-nistp521", NULL, KEXTYPE_ECDH, NULL, NULL, 0, 0, &ssh_sha512
|
"ecdh-sha2-nistp521", NULL, KEXTYPE_ECDH, &ssh_sha512, NULL
|
||||||
};
|
};
|
||||||
|
|
||||||
static const struct ssh_kex *const ec_kex_list[] = {
|
static const struct ssh_kex *const ec_kex_list[] = {
|
||||||
|
|
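Review bot: The ssh_kex and ssh_signkey tables in the last hunk are positional initializers, which is exactly why adding one field to struct ssh_kex had to touch every kex and signkey table in this file, sshdh.c, sshdss.c and sshrsa.c, and why a future reordering of the struct would silently shift `&ssh_sha256` into the wrong slot without a compiler diagnostic. If the project's compiler baseline admits C99 designated initializers, `.main_type = KEXTYPE_ECDH, .hash = &ssh_sha256, .extra = NULL` would bind each value to its field and make the next such change a one-line addition; if not, a trailing `/* extra */` on the bare `NULL` is the cheap way to tell a reader which slot it fills. Note also that the four ECDH rows omit the trailing comma the RSA rows in sshrsa.c use, a small inconsistency worth settling one way.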
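--- a/sshrsa.c
+++ b/sshrsa.c
@@ -917,7 +917,8 @@ const struct ssh_signkey ssh_rsa = {
 rsa2_verifysig,
 rsa2_sign,
 "ssh-rsa",
-"rsa2"
+"rsa2",
+NULL,
 };
 
 void *ssh_rsakex_newkey(char *data, int len)
@@ -1057,11 +1058,11 @@ void ssh_rsakex_encrypt(const struct ssh_hash *h, unsigned char *in, int inlen,
 }
 
 static const struct ssh_kex ssh_rsa_kex_sha1 = {
-"rsa1024-sha1", NULL, KEXTYPE_RSA, NULL, NULL, 0, 0, &ssh_sha1
+"rsa1024-sha1", NULL, KEXTYPE_RSA, &ssh_sha1, NULL,
 };
 
 static const struct ssh_kex ssh_rsa_kex_sha256 = {
-"rsa2048-sha256", NULL, KEXTYPE_RSA, NULL, NULL, 0, 0, &ssh_sha256
+"rsa2048-sha256", NULL, KEXTYPE_RSA, &ssh_sha256, NULL,
 };
 
 static const struct ssh_kex *const rsa_kex_list[] = {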